cockroachdb / cockroach

CockroachDB — the cloud native, distributed SQL database designed for high availability, effortless scale, and control over data placement.
https://www.cockroachlabs.com

server: audit the direct uses of RPC handler functions from other packages to check for missing authz #67938

Open knz opened 3 years ago

knz commented 3 years ago

Identified by @bdarnell in this comment

Today, we have certain places in the code that directly call a Go RPC handler method inside the server package, without actually issuing an RPC call. This bypasses authentication and may thus bypass authorization.

We need to audit these calls to see what to do about them.

In an ideal world:

Jira issue: CRDB-8791
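The gap the issue describes, as an added illustration that is not CockroachDB code: a self-contained Go model in which authentication and authorization run in an interceptor on the RPC path only. Calling the handler method directly from another package skips the interceptor, so an anonymous caller gets a result; a hardened handler that re-runs the same authz decision itself does not. All names here (`AdminServer`, `Status`, `CheckedStatus`, `CallViaRPC`, `authorizeAdmin`, the principal context key) are constructed for the example and do not correspond to identifiers in the project.

```go
package main

import (
	"context"
	"errors"
	"fmt"
)

// principalKey is the context key under which the RPC layer records the
// authenticated caller. All names in this file are constructed for the example.
type principalKey struct{}

var (
	ErrUnauthenticated  = errors.New("unauthenticated: no principal in context")
	ErrPermissionDenied = errors.New("permission denied: admin role required")
)

// WithPrincipal tags ctx with the authenticated caller, as an authentication
// interceptor would after validating a certificate or token.
func WithPrincipal(ctx context.Context, user string) context.Context {
	return context.WithValue(ctx, principalKey{}, user)
}

// authorizeAdmin is the single authz decision: a principal must be present
// and must be "admin". Both the RPC path and the hardened handler use it.
func authorizeAdmin(ctx context.Context) error {
	user, ok := ctx.Value(principalKey{}).(string)
	if !ok || user == "" {
		return ErrUnauthenticated
	}
	if user != "admin" {
		return ErrPermissionDenied
	}
	return nil
}

// StatusRequest and StatusResponse stand in for an RPC request/response pair.
type StatusRequest struct{ NodeID int }
type StatusResponse struct{ Detail string }

// AdminServer holds the handler methods of a hypothetical admin service.
type AdminServer struct{}

// Status is the handler as it is often written: it assumes the interceptor
// chain has already run and performs no check of its own.
func (s *AdminServer) Status(ctx context.Context, req *StatusRequest) (*StatusResponse, error) {
	return &StatusResponse{Detail: fmt.Sprintf("node %d: ok", req.NodeID)}, nil
}

// CheckedStatus is the hardened form: it re-runs the authz decision itself,
// so a direct call from another package cannot skip it.
func (s *AdminServer) CheckedStatus(ctx context.Context, req *StatusRequest) (*StatusResponse, error) {
	if err := authorizeAdmin(ctx); err != nil {
		return nil, err
	}
	return s.Status(ctx, req)
}

// CallViaRPC models a call entering through the RPC layer: the authz
// interceptor runs first, then the handler.
func CallViaRPC(ctx context.Context, s *AdminServer, req *StatusRequest) (*StatusResponse, error) {
	if err := authorizeAdmin(ctx); err != nil {
		return nil, err
	}
	return s.Status(ctx, req)
}

func main() {
	s := &AdminServer{}
	anon := context.Background() // no principal: an unauthenticated caller
	req := &StatusRequest{NodeID: 1}

	// Anonymous caller through the RPC layer: rejected by the interceptor.
	_, err := CallViaRPC(anon, s, req)
	fmt.Println("via RPC, anonymous:", err)

	// The same caller invoking the handler method directly: the interceptor
	// never runs, so the call succeeds. This is the bypass the issue describes.
	resp, err := s.Status(anon, req)
	fmt.Println("direct call, anonymous:", resp.Detail, err)

	// Hardened handler called directly: still rejected.
	_, err = s.CheckedStatus(anon, req)
	fmt.Println("direct call to hardened handler, anonymous:", err)

	// Admin caller through the RPC layer: allowed.
	resp, _ = CallViaRPC(WithPrincipal(anon, "admin"), s, req)
	fmt.Println("via RPC, admin:", resp.Detail)
}
```

The point of keeping `authorizeAdmin` as one shared function is that the audit the issue asks for can then be mechanical: any handler that is reachable by a direct in-process call either invokes it itself, or is only ever invoked through a path that does.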

github-actions[bot] commented 1 year ago

We have marked this issue as stale because it has been inactive for 18 months. If this issue is still relevant, removing the stale label or adding a comment will keep it active. Otherwise, we'll close it in 10 days to keep the issue queue tidy. Thank you for your contribution to CockroachDB!