Would that also require a separate commitfest entry?
The ha*_something_privilege() changes are also not very consistent.
We already have have_createrole_privilege(), which does include a superuser check, and you add has_replication_privilege() with a superuser check, but has_catupdate_privilege() and has_inherit_privilege() don't include a superuser check. That's clearly a mess.
Good catch. Though, according to the documentation, not even superuser is allowed to bypass CATUPDATE.
However, I can't think of a reason why "inherit" wouldn't need the superuser check. Obviously superuser is considered a member of every role, but is there a reason that a superuser would not be allowed to bypass this? I only ask because it did not have a check previously, so I figure there might have been a good reason for it?
Btw., why rename have_createrole_privilege()?
Well, actually it wasn't necessarily a rename. It was a removal of that function all together as all it did was simply return the result of "has_createrole_privilege". That seemed rather redundant and unnecessary, IMO.
Also, your patch has spaces between tabs. Check for whitespace errors with git.