Add notify method

[leodaher]

This patch adds a method for sending a PostgreSQL notify with a payload
to a specific channel.

[madsmtm]

This is vulnerable to SQL-injection (correct me if I'm wrong 😉). Is there a way to fix this? If not, it should be explicitly stated in the documentation that untrusted payloads / channels aren't supported.

[matthewwo]

As far as I know Psycopg2’s execute method will sanitizes the arguments if passed as a tuple to the method.

For example

conn.execute(“NOTIFY %s, %s”, (channel, payload))

I’m not sure about sqlalchemy though :)

Look forward to this PR be merged! Looks neat and the library can be more complete with this change.

[matthewwo]

Also it seems to be better to use the pg_notify function in Postgres for sending notifications to non-constant channel names and payloads?

Refer to the Notes section in the doc: https://www.postgresql.org/docs/9.0/sql-notify.html

[djrobstep]

Thank you kindly for this PR! Definitely a much-needed addition to this library.

Some things will need changing before we merge:

• The current implementation is vulnerable to SQL injection (as mentioned by @madsmtm)
• The cursor needs proper cleanup (probably with a with as per http://initd.org/psycopg/docs/usage.html)
• As the docs and @prankymat mention, the pg_notify( function is probably nicer than the keyword style so let's change to that.
• I'd rather the tests did a real test with a temporary database rather than mocking (this isn't essential, so we can probably change this in the future/a separate PR/whatever).