Disallow attaching non-DuckDB databases if enable_external_access is disabled

[Mytherin]

This partially reverts the changes made in #14568

We used to fully disallow ATTACH when this setting was disabled. We now allow attaching, and fail later based on the allowed_directories/allowed_paths . This allows us to still attach files if they are within the allowed set of paths.

Storage extensions do not necessarily abide by these rules, however. For now we just move back to disallowing ATTACH of non-DuckDB files entirely if the setting is set to false.

[carlopi]

I am not sure, I think it might not be the right place, since a sqlite file will still pass the check (say ATTACH 'sakila.db') and, less serious, but ATTACH 'duckdb:myfile.db' will not pass the check.

[Mytherin]

That's a good point - but the SQLite file will only pass the check if it is able to be opened using the DuckDB filesystem which means it is in the allowed_directories, so that's not specifically a security concern at least. We can think about it a bit more going forward, because in general we should be able to allow SQLite to support the allowed_paths instead of being blanket disallowed.