exasol/sql-statement-builder

Injection safe interface for building literals

jakobbraun opened this issue · 1 comment

Right now there is no possibility to build injection-safe statements directly. The only possible way is to use SQL prepared statements and placeholders. This does, however, not work for all use cases. For example, in a virtual schema the push-down statement is just a string, not a SQL statement. Thus placeholders can't be used.

As discussed with @kaklakariada, validating and cleaning string literals is the responsibility of the API user. Using untrusted input without validation in SSB's string literals is not OK. Untrusted input must only be used with prepared statements and placeholders (and even in this case previous validation by the user of the API is a good idea).
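The distinction made above, as an added example that is not part of this issue and not code from sql-statement-builder (SSB is a Java library; Python's built-in sqlite3 module is used here only as a stand-in database so the three variants can be run side by side). It contrasts a placeholder query, raw string interpolation, and a push-down-style statement that must be a single string and therefore has to quote the literal itself. `quote_literal` is an illustrative helper written for this example, not an SSB API; it uses standard-SQL quoting (doubling embedded single quotes) and rejects NUL bytes. The rows and the payload are constructed sample data.

```python
import sqlite3

# Constructed sample data; `name` is the attacker-controlled value in every query below.
SAMPLE_ROWS = [("alice", "admin"), ("bob", "user"), ("carol", "user")]


def make_db():
    """In-memory stand-in for the real database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_ROWS)
    return conn


def quote_literal(value):
    """Render an untrusted string as a standard-SQL string literal.

    Illustrative helper (assumption, not SSB's API): embedded single quotes are
    doubled, NUL bytes are rejected because some drivers truncate at them, and
    non-str input is refused so a caller cannot smuggle in an object whose
    str() contains SQL. Dialects with backslash escapes would need more.
    """
    if not isinstance(value, str):
        raise TypeError("only str can be rendered as a string literal")
    if "\x00" in value:
        raise ValueError("NUL byte in string literal")
    return "'" + value.replace("'", "''") + "'"


def query_placeholder(conn, name):
    """Prepared statement with a placeholder: the driver keeps data and code apart."""
    return conn.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)
    ).fetchall()


def query_concat(conn, name):
    """Vulnerable: untrusted input interpolated into the statement unvalidated."""
    return conn.execute(
        "SELECT name, role FROM users WHERE name = '" + name + "'"
    ).fetchall()


def query_quoted_literal(conn, name):
    """Push-down style: the statement must be one string, so the caller
    (the API user, per the discussion above) is responsible for quoting."""
    return conn.execute(
        "SELECT name, role FROM users WHERE name = " + quote_literal(name)
    ).fetchall()


def demo():
    """Run all three variants against the same injection payload."""
    conn = make_db()
    payload = "x' OR '1'='1"   # constructed classic tautology payload
    return {
        "placeholder": query_placeholder(conn, payload),   # no rows
        "concat": query_concat(conn, payload),             # all three rows leak
        "quoted": query_quoted_literal(conn, payload),     # no rows
        "quoted_alice": query_quoted_literal(conn, "alice"),
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(label, rows)
```

The placeholder variant and the quoted-literal variant both return nothing for the payload, while raw concatenation turns `WHERE name = 'x' OR '1'='1'` into a query that matches every row. Quoting on the caller's side only covers the string-literal case; numeric literals, identifiers and anything else spliced into a push-down string still need their own validation, which is the point made in the comment above.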