Snowddl

- Introduced CLI option `--env-prefix-separator` which allows to choose separator for env prefix from one of three pre-defined variants: `__`, `_`, `$`. Default is `__`.
- Implemented `AUTHENTICATION_POLICY` object type. It can be referenced from `ACCOUNT_POLICY` and `USER` configs.
- Reworked `WAREHOUSE` resolver, implemented `resource_constraint` parameter for Snowpark-optimized warehouses.

This is a major update to policies, which introduces some breaking changes. [Read more about it](https://docs.snowddl.com/breaking-changes-log/0.33.0-october-2024).

- Introduced `ACCOUNT_POLICY` config to set ACCOUNT-level policies. Currently only `NETWORK_POLICY` is supported, but more policy types will be added in the future.
- Reworked `NETWORK_POLICY` object type. Now it behaves similarly to other policies.
- Setting `NETWORK_POLICY` on `ACCOUNT` now requires `account_policy.yaml`. Setting it via `account_params.yaml` no longer works.
- Setting `NETWORK_POLICY` on `USER` now requires explicit `network_policy` parameter. Setting it via `session_params` no longer works.
- It is now possible (and recommended) to assign `AGGREGATION_POLICY`, `MASKING_POLICY`, `PROJECTION_POLICY`, `ROW_ACCESS_POLICY` via config of specific `TABLE` or `VIEW` instead of mentioning all references in policy config. Old `references` will keep working, but marked as "deprecated" in documentation.
- Introduced separate sequence for "destroy" action. Previously we used "apply" sequence for "destroy", but it may cause issues with some policies. Also, "destroy" sequence is much shorter overall.
- Introduced logic to remove `NETWORK_RULE` references before dropping object itself. Rule cannot be dropped if it still has references.
- `NETWORK_RULE` can now be ALTER-ed if only VALUES_LIST was changed. Previously network rules were always REPLACED.
- Added `type` parameter for `USER`.

- Introduced basic "elapsed timers" for performance debugging. Can be enabled with `--show-timers` CLI parameter.
- Added basic support for `VECTOR` type. It can be used for `TABLE`, but not for `FUNCTION` or `PROCEDURE` due to issues with overloading.
- Converting tables with auto-increment now recognizes `ORDER` and `NOORDER` flags.
- Converting views without newline after `AS` is now possible.

- Implemented custom `__eq__` method to check `Grants`. It helps to take into account edge case for `INTEGRATION` object grants not returning specific integration type from `SHOW GRANTS` command.

- Fixed grants on `EXTERNAL ACCESS INTEGRATION` trying to use full object name instead of simplified object name.
- Reworked how simplified object type names are implemented internally. Now we have normal `singular` name, `singular_for_ref` used in context of policy references, `singular_for_grant` used in context of granting permissions.
- Added more specific identifier type for `ExternalAccessIntegrationBlueprint.full_name` to prevent issues with env prefix and testing.
- Fixed test for `TASK` related to Snowflake changing minimum value of `USER_TASK_MINIMUM_TRIGGER_INTERVAL_IN_SECONDS` parameter.

- Implemented `share_read` parameter for `BUSINESS ROLE` and `owner_share_read` parameter for `DATABASE` and `SCHEMA`.
- Using `share_read` parameter now automatically generates `SHARE_ROLES` with `IMPORTED_PRIVILEGE` on specific share.
- `global_roles` parameter can now accept database roles in addition to normal roles, e.g. `SNOWFLAKE.OBJECT_VIEWER`.