Add spec for tiger db create role command (#58)

  Implement `tiger db create role` command

  Adds a new command to create PostgreSQL database roles with enhanced safety features
  for AI agents and automated tools.

  Features:
  - Create roles with auto-generated or explicit passwords
  - Read-only enforcement via tsdb_admin.read_only_role for safe AI agent access
  - Inherit permissions from existing roles with --from flag (supports multiple roles)
  - Statement timeout configuration for query time limits
  - Password storage integration (keyring/pgpass)
  - Special handling for tsdbadmin inheritance using TimescaleDB Cloud functions

  Implementation details:
  - Uses transactions for atomic role creation and configuration
  - Supports both standard PostgreSQL role creation and TimescaleDB Cloud special functions
  - Handles --from tsdbadmin with timescale_functions.create_bare_readonly_role() and 
    timescale_functions.grant_tsdbadmin_to_role() to bypass ADMIN OPTION restrictions
  - Validates that tsdbadmin inheritance requires --read-only flag
  - Prevents SQL injection with proper identifier sanitization
  - StringSliceVar for --from flag supporting both comma-separated and multiple flags

  Testing:
  - Comprehensive integration tests for all role creation scenarios
  - Tests for read-only enforcement with table access verification
  - Tests for role inheritance and permission grants
  - SQL injection prevention tests
  - Duplicate role name error handling

  Documentation:
  - Added detailed specifications in specs/spec.md
  - Updated CLAUDE.md with development guidelines
  - Created integration test helper script for easier testing
  - Documented default permissions behavior and use cases

  Fixes:
  - Fixed authentication test failures by removing invalid --project-id flags
  - Renamed TestServiceNotFound to TestServiceNotFoundIntegration for pattern matching
  - Simplified test-integration.sh script from 84 to 31 lines following Unix philosophy

Co-authored-by: Claude <noreply@anthropic.com>

Author: cevian

CLAUDE.md

@@ -38,6 +38,32 @@ go run ./cmd/tiger --help
 ```
 
 ### Integration Testing
+
+#### Using the Test Script (Recommended)
+```bash
+# Run all integration tests (default pattern: Integration)
+./scripts/test-integration.sh
+
+# Run with verbose output
+./scripts/test-integration.sh -v
+
+# Run specific test pattern (overrides default)
+./scripts/test-integration.sh -run CreateRole
+
+# Run with custom timeout
+./scripts/test-integration.sh -timeout 10m
+
+# Combine flags (any go test flags are supported)
+./scripts/test-integration.sh -v -run CreateRole_WithInheritedGrants -timeout 5m
+```
+
+The script automatically:
+- Loads environment variables from `.env` file
+- Builds the tiger CLI binary
+- Runs tests matching "Integration" pattern by default
+- Passes all arguments through to `go test` (supports all standard go test flags)
+
+#### Manual Testing
 ```bash
 # Run all tests (integration tests will skip without credentials)
 go test ./...