pgsql: Fix EPQ crash from missing partition directory in EState

Fix EPQ crash from missing partition directory in EState

EvalPlanQualStart() failed to propagate es_partition_directory into
the child EState used for EPQ rechecks. When execution time partition
pruning ran during the EPQ scan, executor code dereferenced a NULL
partition directory and crashed.

Previously, propagating es_partition_directory into the EPQ EState was
unnecessary because CreatePartitionPruneState(), which sets it on
demand, also initialized the exec-pruning context. After commit
d47cbf474, CreatePartitionPruneState() now initializes only the init-
time pruning context, leaving exec-pruning context initialization to
ExecInitNode(). Since EvalPlanQualStart() runs only ExecInitNode() and
not CreatePartitionPruneState(), it can encounter a NULL
es_partition_directory. Other executor fields initialized during
CreatePartitionPruneState() are already copied into the child EState
thanks to commit 8741e48e5d, but es_partition_directory was missed.

Fix by borrowing the parent estate's es_partition_directory in
EvalPlanQualStart(), and by clearing that field in EvalPlanQualEnd()
so the parent remains responsible for freeing the directory.

Add an isolation test permutation that triggers EPQ with execution-
time partition pruning, the case that reproduces this crash.

Bug: #19078
Reported-by: Yuri Zamyatin <yuri(at)yrz(dot)am>
Diagnosed-by: David Rowley <dgrowleyml(at)gmail(dot)com>
Author: David Rowley <dgrowleyml(at)gmail(dot)com>
Co-authored-by: Amit Langote <amitlangote09(at)gmail(dot)com>
Discussion: https://postgr.es/m/19078-dfd62f840a2c0766@postgresql.org
Backpatch-through: 18

Branch
------
REL_18_STABLE

Details
-------
https://git.postgresql.org/pg/commitdiff/1296dcf18b1cf3a064e5981c1655d133f0b1206f

Modified Files
--------------
src/backend/executor/execMain.c | 10 ++++++++++
src/test/isolation/expected/eval-plan-qual.out | 7 +++++++
src/test/isolation/specs/eval-plan-qual.spec | 2 ++
3 files changed, 19 insertions(+)