read-only mode should reject write SQL in execute_query

## Problem
`--read-only` / `clickhouse.read_only=true` is currently documented as read-only mode, but `execute_query` still executes non-read statements (INSERT/CREATE/ALTER/DELETE/etc.) through `Exec`.

## Why this is risky
Users can reasonably expect this flag to enforce write protection at the MCP layer. Today it only affects connection settings behavior, so write statements may still be executed if DB grants permit them.

## Expected behavior
When `read_only=true`, reject non-read statements before execution and return a clear error.

## Proposed fix
- Add a guard in query execution path to block non-read SQL when `read_only=true`.
- Keep read statements allowed (`SELECT`, `WITH`, `SHOW`, `DESC`, `EXISTS`, `EXPLAIN`).
- Update tests and docs to clarify enforced behavior.


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

read-only mode should reject write SQL in execute_query #56

Problem

Why this is risky

Expected behavior

Proposed fix

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

read-only mode should reject write SQL in execute_query #56

Description

Problem

Why this is risky

Expected behavior

Proposed fix

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions