MDEV-21778 Disable system commands in mysql/mariadb client

mysql --sandbox

disables system (\!), tee (\T), pager with an argument(\P foo), source (\.)

does *not* disable edit (\e). Use EDITOR=/bin/false to disable
or, for example, EDITOR=rnano for something more useful

does *not* disable pager (\P) without an argument. Use
PAGER=cat or, for example PAGER=less LESSSECURE=1 for something
more useful

using a disabled command is an error, which can be ignored with --force

Also, a "sandbox" command (\-) - enables the sandbox mode until EOF
(current file or the session, if interactive)

mysql-test/main/mysql.test

@@ -716,3 +716,43 @@ drop table t1;
 #
 --echo
 --exec $MYSQL test --enable-cleartext-plugin -e "select 1"
+
+--echo # End of 10.3 tests
+
+--echo #
+--echo # MDEV-21778 Disable system commands in mysql/mariadb client
+--echo #
+
+--error 1
+--exec $MYSQL --sandbox -Ne "select 1; \! echo foo; select 0" 2>&1
+--error 1
+--exec $MYSQL --sandbox -Ne "select 2; \T echo foo; select 0" 2>&1
+--error 1
+--exec $MYSQL --sandbox -Ne "select 3; \. echo.foo; select 0" 2>&1
+
+--write_file $MYSQL_TMP_DIR/mysql_in
+select 'entering sandbox';
+\-
+select 'system';
+\! echo foo
+select 'tee';
+\T echo foo
+select 'source';
+\. echo.foo
+select '^^^';
+EOF
+
+write_line "select 1;
+source $MYSQL_TMP_DIR/mysql_in;
+select 2;
+source $MYSQL_TMP_DIR/mysql_in;
+sandbox;
+select 3;
+source $MYSQL_TMP_DIR/mysql_in;" $MYSQL_TMP_DIR/mysql_in2;
+
+--exec $MYSQL -fN <$MYSQL_TMP_DIR/mysql_in2
+
+--remove_file $MYSQL_TMP_DIR/mysql_in
+--remove_file $MYSQL_TMP_DIR/mysql_in2
+
+--echo # End of 10.5 tests