feat(mcp): implement RBAC permission checking for MCP tools (#38407)

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>

superset/mcp_service/sql_lab/tool/execute_sql.py

@@ -50,7 +50,11 @@ from superset.mcp_service.utils.schema_utils import parse_request
 logger = logging.getLogger(__name__)
 
 
-@tool(tags=["mutate"])
+@tool(
+    tags=["mutate"],
+    class_permission_name="SQLLab",
+    method_permission_name="execute_sql_query",
+)
 @parse_request(ExecuteSqlRequest)
 async def execute_sql(request: ExecuteSqlRequest, ctx: Context) -> ExecuteSqlResponse:
     """Execute SQL query against database using the unified Database.execute() API."""