doc: Mention all SELECT privileges required by INSERT ... ON CONFLICT.

On the INSERT page, mention that SELECT privileges are also required
for any columns mentioned in the arbiter clause, including those
referred to by the constraint, and clarify that this applies to all
forms of ON CONFLICT, not just ON CONFLICT DO UPDATE.

Author: Dean Rasheed <dean.a.rasheed@gmail.com>
Reviewed-by: Viktor Holmberg <v@viktorh.net>
Discussion: https://postgr.es/m/CAEZATCXGwMQ+x00YY9XYG46T0kCajH=21QaYL9Xatz0dLKii+g@mail.gmail.com
Backpatch-through: 14

doc/src/sgml/ref/insert.sgml

@@ -113,10 +113,13 @@ INSERT INTO <replaceable class="parameter">table_name</replaceable> [ AS <replac
    <literal>INSERT</literal> privilege on the listed columns.
    Similarly, when <literal>ON CONFLICT DO UPDATE</literal> is specified, you
    only need <literal>UPDATE</literal> privilege on the column(s) that are
-   listed to be updated.  However, <literal>ON CONFLICT DO UPDATE</literal>
-   also requires <literal>SELECT</literal> privilege on any column whose
-   values are read in the <literal>ON CONFLICT DO UPDATE</literal>
-   expressions or <replaceable>condition</replaceable>.
+   listed to be updated.  However, all forms of <literal>ON CONFLICT</literal>
+   also require <literal>SELECT</literal> privilege on any column whose values
+   are read.  This includes any column mentioned in
+   <replaceable>conflict_target</replaceable> (including columns referred to
+   by the arbiter constraint), and any column mentioned in an
+   <literal>ON CONFLICT DO UPDATE</literal> <replaceable>expression</replaceable>,
+   or a <literal>WHERE</literal> clause <replaceable>condition</replaceable>.
   </para>
 
   <para>