I think the scope of this request is much smaller than that one, so should be more doable. That one, IIUC, is more of a ALTER SYSTEM STOP_ALL_ACTIVITY_EVEN_WAL but we are looking for more of a "stop any overt changes to our data via any non-select command" while still allowing all sorts of background/maintenance activity to continue on. Basically, anything that would cause a pg_dump to be different.
I'm a +1 to the cluster-wide change, and a -1 to the per-connection idea that started this thread, because I still don't see the need for it when we have an existing roles/permissions system that gets the job done. You want your untrusted agent to read from your database? Create a specific role for that. If our existing per-role access controls are not sufficient, improve them.
