pgsql: Fix buggy interaction between array subscripts and subplan param

Fix buggy interaction between array subscripts and subplan params

In a7f107df2 I changed subplan param evaluation to happen within the
containing expression. As part of that, ExecInitSubPlanExpr() was changed to
evaluate parameters via a new EEOP_PARAM_SET expression step. These parameters
were temporarily stored into ExprState->resvalue/resnull, with some reasoning
why that would be fine. Unfortunately, that analysis was wrong -
ExecInitSubscriptionRef() evaluates the input array into "resv"/"resnull",
which will often point to ExprState->resvalue/resnull. This means that the
EEOP_PARAM_SET, if inside an array subscript, would overwrite the input array
to array subscript.

The fix is fairly simple - instead of evaluating into
ExprState->resvalue/resnull, store the temporary result of the subplan in the
subplan's return value.

Bug: #19370
Reported-by: Zepeng Zhang <redraiment(at)gmail(dot)com>
Diagnosed-by: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Diagnosed-by: Andres Freund <andres(at)anarazel(dot)de>
Discussion: https://postgr.es/m/19370-7fb7a5854b7618f1@postgresql.org
Backpatch-through: 18

Branch
------
REL_18_STABLE

Details
-------
https://git.postgresql.org/pg/commitdiff/bdc5dedfcaa57ddeef115252283019d79083d8a2

Modified Files
--------------
src/backend/executor/execExpr.c | 18 ++++++++++--------
src/backend/executor/execExprInterp.c | 6 +++---
src/test/regress/expected/subselect.out | 17 +++++++++++++++++
src/test/regress/sql/subselect.sql | 11 +++++++++++
4 files changed, 41 insertions(+), 11 deletions(-)