Re: Permissions - Mailing list pgsql-novice

From David G. Johnston
Subject Re: Permissions
Date
Msg-id CAKFQuwaGnWx6RW89kVxpKXtfYD90iCnaL5nKiUs4Yz_hjLQkuA@mail.gmail.com
In response to Re: Permissions  (Andre Labuschagne <technical@eduadmin.com>)
List pgsql-novice
On Tue, Sep 20, 2016 at 3:09 PM, Andre Labuschagne <technical@eduadmin.com> wrote:
All permissions ship with the database.  It works quite brilliantly as the only access to the databases shipped is through the apps that ship and no tool will allow tampering with the objects that have been explicitly granted to specific users by the owners of the objects.  It works very well.

PostgreSQL has an entirely different architecture that is not particularly amenable to what you describe.

If the remote site admins have admin/root access on the machine hosting the PostgreSQL database, you cannot prevent them from doing anything they want to the database.  You might be able to compile a pre-shared key into the application and encrypt all data at rest.  That is what these other tools would have to be doing; otherwise your perception of encryption is broken, since the admin could simply read the bytes off the disk and decompress/decode them into text (presuming said algorithm is discoverable).

As for the "trust tool"...just read the docs on pg_hba.conf.

David J.
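
Added example, not part of the original message: a small Python check that parses pg_hba.conf text and lists the rules whose authentication method is `trust`, which is the setting the pg_hba.conf documentation describes for password-less access. The sample file contents and the function names are constructed for illustration.

```python
import ipaddress
import shlex

HOST_TYPES = {"host", "hostssl", "hostnossl", "hostgssenc", "hostnogssenc"}

# Constructed sample, not taken from any real server.
SAMPLE_HBA = """\
# TYPE  DATABASE  USER      ADDRESS            METHOD
local   all       postgres                     peer
local   all       all                          trust
host    all       all       127.0.0.1/32       scram-sha-256
host    appdb     appuser   10.0.0.0 255.0.0.0 trust
hostssl all       all       0.0.0.0/0          md5   # trailing comment
"""


def parse_hba(text):
    """Yield (line_no, type, database, user, address, method) per rule."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        # shlex drops '#' comments and keeps quoted names as one field.
        fields = shlex.split(raw, comments=True)
        if not fields:
            continue
        conn_type = fields[0]
        if conn_type == "local":
            address, method_idx = None, 3      # local rules have no ADDRESS
        elif conn_type in HOST_TYPES and len(fields) > 4:
            address, method_idx = fields[3], 4
            try:
                # A bare IP (no /prefix) is followed by a separate netmask.
                ipaddress.ip_address(address)
                address, method_idx = f"{fields[3]} {fields[4]}", 5
            except ValueError:
                pass                           # CIDR, hostname or keyword
        else:
            continue                           # include directives, unknown
        if len(fields) > method_idx:
            yield (line_no, conn_type, fields[1], fields[2],
                   address, fields[method_idx])


def find_trust_rules(text):
    """Return every rule that authenticates with the 'trust' method."""
    return [rule for rule in parse_hba(text) if rule[5] == "trust"]


if __name__ == "__main__":
    for rule in find_trust_rules(SAMPLE_HBA):
        print("trust rule at line %d: %s" % (rule[0], rule[1:]))
```
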
