MDEV-5232 SET ROLE checks privileges differently from check_access()

use the same inconsistent priv_user@host pair for SET ROLE privilege checks,
just as check_access() does

mysql-test/suite/roles/set_role-5232.result

@@ -0,0 +1,15 @@
+create user ''@localhost;
+create user c;
+grant select on mysql.* to c;
+create role r1;
+grant r1 to c;
+select user(), current_user();
+user()	current_user()
+c@localhost	@localhost
+select user from mysql.user group by user;
+ERROR 42000: SELECT command denied to user ''@'localhost' for table 'user'
+set role r1;
+ERROR OP000: Invalid role specification `r1`.
+drop role r1;
+drop user c;
+drop user ''@localhost;

mysql-test/suite/roles/set_role-5232.test

@@ -0,0 +1,20 @@
+#
+# MDEV-5232 SET ROLE checks privileges differently from check_access()
+#
+--source include/not_embedded.inc
+create user ''@localhost;
+create user c;
+grant select on mysql.* to c;
+create role r1;
+grant r1 to c;
+connect (c,localhost,c,,,,,);
+select user(), current_user();
+--error ER_TABLEACCESS_DENIED_ERROR
+select user from mysql.user group by user;
+--error ER_INVALID_ROLE
+set role r1;
+disconnect c;
+connection default;
+drop role r1;
+drop user c;
+drop user ''@localhost;

sql/sql_acl.cc

@@ -1871,7 +1871,9 @@ int acl_check_setrole(THD *thd, char *rolename, ulonglong *access)
       continue;
 
     acl_user= (ACL_USER *)acl_user_base;
-    if (acl_user->wild_eq(thd->security_ctx->user, thd->security_ctx->host))
+    /* Yes! priv_user@host. Don't ask why - that's what check_access() does. */
+    if (acl_user->wild_eq(thd->security_ctx->priv_user,
+                          thd->security_ctx->host))
     {
       is_granted= TRUE;
       break;