relnotes: improve PG 15 schema permission change wording

Reported-by: Noah Misch

Discussion: https://postgr.es/m/20220630050808.GC2257984@rfd.leadboat.com

Backpatch-through: 15 only

doc/src/sgml/release-15.sgml

@@ -58,16 +58,20 @@ Author: Noah Misch <noah@leadboat.com>
      </para>
 
      <para>
-      This is a change in the default for newly-created databases in
+      The new default is one of the secure schema usage patterns that <xref
-      existing clusters and for new clusters;  <literal>USAGE</literal>
+      linkend="ddl-schemas-patterns"/> has recommended since the security
-      permissions on the <literal>public</literal> schema has not
+      release for CVE-2018-1058.  The change applies to newly-created
-      been changed.  Databases restored from previous Postgres releases
+      databases in existing clusters and for new clusters.  Upgrading a
-      will be restored with their current permissions.  Users wishing
+      cluster or restoring a database dump will preserve existing permissions.
-      to have the former permissions will need to grant
+     </para>
-      <literal>CREATE</literal> permission for <literal>PUBLIC</literal>
+
-      on the <literal>public</literal> schema; this change can be made
+     <para>
-      on <literal>template1</literal> to cause all new databases
+      For existing databases, especially those having multiple users,
-      to have these permissions.
+      consider revoking <literal>CREATE</literal> permission on
+      the <literal>public</literal> schema to adopt this new default.
+      For new databases having zero need to defend against insider threats,
+      granting <literal>CREATE</literal> permission will yield the behavior
+      of prior releases.
      </para>
     </listitem>