Relax query access control to denylist, add log store query support

Replace table/column allowlists with a denylist approach: only
controller_secrets and api_keys are blocked for non-admin users,
all other tables are freely queryable. Column-level restrictions
removed except for permanently blocked columns (key_hash, secret values).

Add database parameter to execute_query() allowing queries against the
log store DB (database="logs"). Cross-database joins are prevented by
validating all tables exist in the target database schema.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: rjpower