protectedts: rework protected timestamp storage for multi-tenant model

[adityamaru]

This is a tracking issue for the work that will be required to support protected timestamps in a multi-tenant mode. This is a very high level breakdown of tasks, the understanding of which might evolve as we get to coding them.

RFC #74685

Client side:

• protectedts: add target field to pts record #74211: Change ptpb.Record to reflect that we will be protecting objects instead of spans
• {backup,changefeed,streaming}ccl: start populating pts target #74248: Populate the newly added target field at all call sites were we construct a ptpb.Record. (Backup, CDC, tests)
• migrations: add target column to system.pts_records #74281 Change the system.protected_timestamp_records table schema to have an additional BYTES column to store this target information. This includes adding a migration for clusters being upgraded.
• ptstorage: change Protect and GetRecord to work with target column #74297 Refactor the Protect method (and other ptpb.Storage interface methods) to insert into the new target column.
• Add logic to the SQLTranslator, SQLWatcher, and Reconciler to emit relevant span configurations.
  - spanconfigsqltranslator: introduce a pts table reader #74737
  - spanconfigsqltranslator: populate protected_timestamps in SpanConfig #74803
  - spanconfigsqlwatcher: add a system.protected_ts_records decoder #74913
  - spanconfigsql{watcher,reconciler}: setup SQLWatcher to watch for pts updates #75122
• ptreconcile,server: rework ptreconciler for multi-tenant #75688 Ensure pts reconciliation works as it did before.
• spanconfigsqltranslator: emit all SystemTarget span configs when required #76606 Teach the SQLTranslator to emit SystemTargets
• changefeedccl: periodic pts record updates #76605
• spanconfigreconciler{ccl}: apply system span config diffs to the store #76948 Hookup the Reconciler to use the SystemSpanConfigStore.

KV side

• roachpb: introduce the concept of SystemSpanConfig and related protos #74765: Data model change to span configurations to enable PTS
• spanconfig: replace roachpb.SpanConfigEntry in package spanconfig  #76213: Introduce Targets and Records, remove roachpb.SpanConfigEntry in package spanconfig to as a prerequisite to modifying RPCs
• spanconfig: modify existing RPCs to work with system span configurations #76219: Modify existing RPCs to get/update SystemSpanConfigs
• KVAccessor changes to write system span configurations
  - spanconfig: teach the KVAccessor about system span configurations #76414
  - spanconfig: introduce new read-only system target #76721
• spanconfigstore: introduce a system span config store #76871 Introduce the SystemSpanConfigStore to keep an in-memory copy of all SystemSpanConfigs + hydrate configurations when serving them
• spanconfigkvsubscriber: teach the KVSubscriber about system span configs  #76942 Teach the KVSubscriber to react to system span configuration updates
• PTSReader interface:
  - spanconfig: introduce the ProtectedTSReader interface  #75285 Introduce the ProtectedTSReader interface, have the protectedts.Cache implement it, and make AdminVerifyProtectedTimestamp a no-op.
  - spanconfig: implement the ProtectedTSReader interface on the KVSubscriber #77338 Make the KVSubscriber implement the ProtectedTSReader interface and create an adapter interface to work with both the old and new subsystems for v22.1.

Stability followups (requirements):

• spanconfig: cleanup system span configs that apply to a tenant when GC-ing it #76931
• gcjob: teach the GC job to respect protected timestamps on tables/indexes #77156
• gcjob: consult protected timestamps when deciding to GC tenants #77239
• protectedts: switch backup, changefeed tests to use the new protected timestamp subsystem  #77495
• spanconfig: add Record constructor and validation #77349 Add validation to ensure span configs associated with SystemTargets only have the ProtectionPolicy field set on them.
• ptverifier: delete the protected timestamp Verifier #75883 Remove Verify calls, and verification logic while still supporting semantics in a mixed-version state.

Stability followups (nice to have):

• Add support for tenant spans to spanconfig.Store and spanconfig.KVSubscriber datadriven tests.

Dropped approach for RPCS:

• roachpb,server,spanconfig: introduce RPCs for SystemSpanConfigs #75615
• systemspanconfig: introduce Target and encoding/decoding methods #75641
• spanconfigkvaccessor: implement system span config RPCS #75769

Epic: CRDB-10306

Jira issue: CRDB-11712

[blathers-crl]

cc @cockroachdb/bulk-io