    69b75d3d
    Bug#30569003: 5.7 REPLICATION BREAKAGE WITH SYNTAX ERROR WITH GRANT MANAGEMENT · 69b75d3d
    Tatiana Azundris Nuernberg authored
    The server creates a rewritten query with sensitive information
    such as passwords obfuscated. Various functions in sql_user.cc
    and sql_authorization.cc caused a second rewrite to happen (this
    time to include hashed passwords for use in the binlog). This
    freed and reassigned the rewritten_query on the THD. This could
    lead to problems when SHOW PROCESSLIST in another thread had
    already obtained a pointer to the old value. Vice versa,
    re-allocation could also happen in SHOW PROCESSLIST's c_ptr_safe()
    while the user/auth code was assembling a rewritten query. This
    was possible because of the aforementioned functions, only
    SHOW PROCESSLIST obtained a lock.
    
    This patch fixes the immediate problem by making rewritten_query
    on the THD private and adding a (const) getter and a setter (that
    acquire LOCK_thd_query) to make the interface clearer and safer
    to prevent similar issues in the future. This also means that
    while a rewritten query may be assembled in several steps, it
    is now only updated on the THD once complete.
    
    Approved by: Praveenkumar Hulakund <praveenkumar.hulakund@oracle.com>
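
The pattern the commit message describes, as an added sketch (not code from this commit or from MySQL): the rewritten query is a private member reached only through accessors that take one lock, and a multi-step rewrite is assembled in a local buffer and published once complete. `Session`, its methods, `rewrite_for_binlog`, the `observe` callback and the sample statements are hypothetical and constructed; the reader copies the string out under the lock, which is a simplification.

```cpp
#include <functional>
#include <mutex>
#include <string>
#include <utility>
#include <vector>

// Hypothetical stand-in for the per-session object; not MySQL's THD class.
class Session {
 public:
  // Setter: swap in a finished string while holding the lock.
  void set_rewritten_query(std::string q) {
    std::lock_guard<std::mutex> guard(query_lock_);
    rewritten_query_.swap(q);
  }
  // Reader side (the SHOW PROCESSLIST role): copy out under the same lock,
  // so no pointer into the buffer outlives the critical section.
  std::string rewritten_query_snapshot() const {
    std::lock_guard<std::mutex> guard(query_lock_);
    return rewritten_query_;
  }

 private:
  mutable std::mutex query_lock_;
  std::string rewritten_query_;  // private: reachable only via the accessors
};

// Second rewrite (binlog form), assembled in steps in a local buffer.
// `observe` runs between steps and stands in for a concurrent reader.
void rewrite_for_binlog(Session &s, const std::string &user,
                        const std::string &hash,
                        const std::function<void()> &observe) {
  std::string local = "CREATE USER '" + user + "'";
  observe();
  local += " IDENTIFIED WITH 'mysql_native_password' AS '" + hash + "'";
  observe();
  s.set_rewritten_query(std::move(local));  // published once, complete
}

// Returns every value an observer saw while the second rewrite was built,
// followed by the value visible after it was published.
std::vector<std::string> observed_during_rewrite() {
  Session s;
  // Constructed sample: first rewrite, password obfuscated.
  s.set_rewritten_query("CREATE USER 'u1' IDENTIFIED BY <secret>");
  std::vector<std::string> seen;
  rewrite_for_binlog(s, "u1", "*HASH_PLACEHOLDER",
                     [&] { seen.push_back(s.rewritten_query_snapshot()); });
  seen.push_back(s.rewritten_query_snapshot());
  return seen;
}
```

Both intermediate observations return the first, obfuscated rewrite; the hashed form becomes visible only after the single call to the setter.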