MDEV-36425 Extend read_only to also block share locks and super user

The main purpose of this allow one to use the --read-only
option to ensure that no one can issue a query that can
block replication.

The --read-only option can now take 4 different values:
0  No read only (as before).
1  Blocks changes for users without the 'READ ONLY ADMIN'
   privilege (as before).
2  Blocks in addition LOCK TABLES and SELECT IN SHARE MODE
   for not 'READ ONLY ADMIN' users.
3  Blocks in addition 'READ_ONLY_ADMIN' users for all the
   previous statements.

read_only is changed to an enum and one can use the following
names for the lock levels:
OFF, ON, NO_LOCK, NO_LOCK_NO_ADMIN

Too keep things compatible with older versions config files, one can
still use values FALSE and TRUE, which are mapped to OFF and ON.

The main visible changes are:
- 'show variables like "read_only"' now returns a string
   instead of a number.
- Error messages related to read_only violations now contains
  the current value off readonly.

Other things:
- is_read_only_ctx() renamed to check_read_only_with_error()
- Moved TL_READ_SKIP_LOCKED to it's logical place

Reviewed by: Sergei Golubchik <serg@mariadb.org>

mysql-test/suite/perfschema/r/read_only.result

@@ -9,7 +9,7 @@ set global read_only=0;
 connection con1;
 select @@global.read_only;
 @@global.read_only
-0
+OFF
 show grants;
 Grants for pfsuser@localhost
 GRANT USAGE ON *.* TO `pfsuser`@`localhost`
@@ -23,7 +23,7 @@ set global read_only=1;
 connection con1;
 select @@global.read_only;
 @@global.read_only
-1
+ON
 show grants;
 Grants for pfsuser@localhost
 GRANT USAGE ON *.* TO `pfsuser`@`localhost`
@@ -38,7 +38,7 @@ disconnect con1;
 connect  con1, localhost, pfsuser, ,"*NO-ONE*";
 select @@global.read_only;
 @@global.read_only
-1
+ON
 show grants;
 Grants for pfsuser@localhost
 GRANT READ_ONLY ADMIN ON *.* TO `pfsuser`@`localhost`