[#9535] feat(api): introduce FUNCTION metadata object type and function privileges #10811

Open
mchades wants to merge 1 commit into apache:main from mchades:issue-9535-api-privilege

mchades commented Apr 17, 2026

What changes were proposed in this pull request?

Add the FUNCTION metadata object type and three new function-level privileges
(REGISTER_FUNCTION, EXECUTE_FUNCTION, MODIFY_FUNCTION) to the Gravitino
authorization API, following the design in
design-docs/gravitino-function-privilege.md.

Key changes:

  • MetadataObject.Type.FUNCTION — new FUNCTION type
  • Privilege.Name.REGISTER_FUNCTION/EXECUTE_FUNCTION/MODIFY_FUNCTION — three new privilege names
  • Privileges.RegisterFunction/ExecuteFunction/ModifyFunction — corresponding privilege classes with correct supported-type bindings
  • SecurableObjects.ofFunction() — convenience factory for function securable objects
  • MetadataObjects — FUNCTION added to valid three-level name types

Why are the changes needed?

Gravitino manages user-defined functions (UDFs) but provides no access
control at the function level. This PR is the API foundation for
end-to-end function privilege enforcement.

Fix: #9535

Does this PR introduce any user-facing change?

  • New public API types and classes: MetadataObject.Type.FUNCTION,
    Privilege.Name.REGISTER_FUNCTION, EXECUTE_FUNCTION, MODIFY_FUNCTION
  • New Privileges.RegisterFunction, ExecuteFunction, ModifyFunction classes
  • New SecurableObjects.ofFunction(...) factory method

How was this patch tested?

  • TestMetadataObjects.testFunctionObject — validates FUNCTION metadata object construction
  • TestSecurableObjects — new entries for canBindTo and manageGrants FUNCTION binding
  • All unit tests pass: ./gradlew :api:test -PskipITs

…function privileges

Add the FUNCTION MetadataObject.Type and three new privileges
REGISTER_FUNCTION, EXECUTE_FUNCTION, and MODIFY_FUNCTION, together with
the Privileges factory classes and SecurableObjects.ofFunction helper,
following the model privilege design in design-docs/gravitino-function-privilege.md.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

mchades requested a review from roryqi April 17, 2026 13:25

@github-actions

Code Coverage Report

Overall Project 65.15% +0.04% 🟢
Files changed 70.93% 🟢

Module Coverage
aliyun 1.73% 🔴
api 47.27% +3.81% 🟢
authorization-common 85.96% 🟢
aws 1.1% 🔴
azure 2.6% 🔴
catalog-common 10.2% 🔴
catalog-fileset 80.02% 🟢
catalog-glue 75.36% 🟢
catalog-hive 81.83% 🟢
catalog-jdbc-clickhouse 79.06% 🟢
catalog-jdbc-common 42.89% 🟢
catalog-jdbc-doris 80.28% 🟢
catalog-jdbc-hologres 54.03% 🟢
catalog-jdbc-mysql 79.23% 🟢
catalog-jdbc-oceanbase 78.38% 🟢
catalog-jdbc-postgresql 82.05% 🟢
catalog-jdbc-starrocks 78.27% 🟢
catalog-kafka 77.01% 🟢
catalog-lakehouse-generic 45.07% 🟢
catalog-lakehouse-hudi 79.1% 🟢
catalog-lakehouse-iceberg 87.16% 🟢
catalog-lakehouse-paimon 77.71% 🟢
catalog-model 77.72% 🟢
cli 44.51% 🟢
client-java 77.63% 🟢
common 48.97% 🟢
core 81.41% 🟢
filesystem-hadoop3 76.97% 🟢
flink 40.55% 🟢
flink-runtime 0.0% 🔴
gcp 14.2% 🔴
hadoop-common 10.39% 🔴
hive-metastore-common 46.14% 🟢
iceberg-common 50.73% 🟢
iceberg-rest-server 66.03% 🟢
integration-test-common 0.0% 🔴
jobs 66.17% 🟢
lance-common 23.88% 🔴
lance-rest-server 57.84% 🟢
lineage 53.02% 🟢
optimizer 82.87% 🟢
optimizer-api 21.95% 🔴
server 85.89% 🟢
server-common 69.52% 🟢
spark 32.79% 🔴
spark-common 39.09% 🔴
trino-connector 33.83% 🔴

Files

Module File Coverage
api MetadataObject.java 100.0% 🟢
api Privilege.java 95.45% 🟢
api MetadataObjects.java 87.95% 🟢
api Privileges.java 63.85% 🟢
api SecurableObjects.java 60.34% 🟢

Development

Successfully merging this pull request may close these issues.

[Subtask] Function privilege support
