[Feature]: [embedded] Support parameterized query

[hnwyllmm]

Use Case

Currently, embedded execute interface only support a SQL string parameter. But it's unsafe and difficult to process strings with "'".

Describe the solution you'd like

Support parameterize query interface like pymysql.

[x-tong]

I searched for examples of pymysql, do we only need to implement it in the embedded mode?

cursor = conn.cursor()
sql = "SELECT * FROM users WHERE username = %s AND status = %s"
username = 'alice'
status = 'active'
cursor.execute(sql, (username, status))
results = cursor.fetchall()

[hnwyllmm]

Yes, we just need this feature.

[zamaoxiaoji]

I'm working on resolving this issue and will propose a preliminary solution PR later.

[zamaoxiaoji]

I have already submitted a PR that includes the design document. @hnwyllmm @zhanghuidinah