nilsreichardt

What kind of change does this PR introduce?

Security fix.

What is the current behavior?

Supabase Security Advisor suggests setting search_path to an empty string. See:

What is the new behavior?

  • Added an empty string to every function
  • Explicitly set the schema when calling another function

Additional context

This pull request includes changes to ensure that all SQL queries explicitly reference the public schema and set the search path to an empty string to avoid ambiguity.

See https://supabase.com/docs/guides/database/database-advisors?queryGroups=lint&lint=0011_function_search_path_mutable

Closes #17
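
An added example of the pattern the pull request above describes; it is not code from this PR or from the project. The table and function names (example_admins, example_is_admin, example_require_admin) are hypothetical.

```sql
-- Constructed example; table and function names are hypothetical.
CREATE TABLE IF NOT EXISTS public.example_admins (user_id uuid PRIMARY KEY);

-- Before: no search_path setting, so the unqualified table name is
-- resolved through whatever search_path the calling session has.
CREATE OR REPLACE FUNCTION public.example_is_admin(uid uuid)
RETURNS boolean
LANGUAGE sql STABLE
AS $$
  SELECT EXISTS (SELECT 1 FROM example_admins WHERE user_id = uid);
$$;

-- After: the search_path is pinned to an empty string for the duration of
-- the call, so every non-pg_catalog object must be schema-qualified.
CREATE OR REPLACE FUNCTION public.example_is_admin(uid uuid)
RETURNS boolean
LANGUAGE sql STABLE
SET search_path = ''
AS $$
  SELECT EXISTS (SELECT 1 FROM public.example_admins WHERE user_id = uid);
$$;

-- A function that calls another function names its schema explicitly;
-- a bare example_is_admin(uid) would not resolve with an empty search_path.
CREATE OR REPLACE FUNCTION public.example_require_admin(uid uuid)
RETURNS text
LANGUAGE plpgsql
SET search_path = ''
AS $$
BEGIN
  IF NOT public.example_is_admin(uid) THEN
    RETURN 'error: access denied';
  END IF;
  RETURN 'OK';
END;
$$;

-- Check: list functions in public that still have no search_path setting.
SELECT n.nspname AS schema_name, p.proname AS function_name
FROM pg_catalog.pg_proc AS p
JOIN pg_catalog.pg_namespace AS n ON n.oid = p.pronamespace
WHERE n.nspname = 'public'
  AND NOT EXISTS (
    SELECT 1
    FROM unnest(coalesce(p.proconfig, '{}'::text[])) AS cfg
    WHERE cfg LIKE 'search_path=%'
  );
```

Built-in functions such as coalesce still resolve without a prefix because pg_catalog is searched implicitly even when search_path is empty.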

@XStarlink

@nilsreichardt Thanks for your work!! Who should we ping at Supabase to review this PR?

@XStarlink

Hello @burggraf, I'm really sorry to ping you here; it's just to ask for a review when you have some time.

And by the way, thank you very, very much for this ultra helpful project!!

@XStarlink

Hey @dshukertjr!

Sorry to bother you by pinging here, but do you know who we should ask to get this security-improving PR reviewed and merged? It fixes important Security Advisor warnings about mutable search_path in custom claims functions.
By the way, great job on your video content - I love it and watch everything I see from Supabase!
You guys are doing amazing work!

Thanks in advance!

Successfully merging this pull request may close these issues.

Supabase Security Advisor says "Function Search Path Mutable"