Create the local connection user on server startup

Make use of it when the user specifies not user and pwd

go/cmd/dolt/cli/credentials.go

@@ -22,8 +22,9 @@ import (
 )
 
 type UserPassword struct {
-	Username string
-	Password string
+	Username    string
+	Password    string
+	Unspecified bool // If true, the user and password were not provided by the user.
 }
 
 const DOLT_ENV_PWD = "DOLT_CLI_PASSWORD"
@@ -49,11 +50,11 @@ func BuildUserPasswordPrompt(parsedArgs *argparser.ArgParseResults) (newParsedAr
 
 	if !hasUserId && !hasPassword {
 		// Common "out of box" behavior.
-		return newParsedArgs, &UserPassword{Username: "root", Password: ""}, nil
+		return newParsedArgs, &UserPassword{Username: "root", Password: "", Unspecified: true}, nil
 	}
 
 	if hasUserId && hasPassword {
-		return newParsedArgs, &UserPassword{Username: userId, Password: password}, nil
+		return newParsedArgs, &UserPassword{Username: userId, Password: password, Unspecified: false}, nil
 	}
 
 	if hasUserId && !hasPassword {
@@ -79,14 +80,14 @@ func BuildUserPasswordPrompt(parsedArgs *argparser.ArgParseResults) (newParsedAr
 			}
 			Println()
 		}
-		return newParsedArgs, &UserPassword{Username: userId, Password: password}, nil
+		return newParsedArgs, &UserPassword{Username: userId, Password: password, Unspecified: false}, nil
 	}
 
 	testOverride, hasTestOverride := os.LookupEnv(DOLT_SILENCE_USER_REQ_FOR_TESTING)
 	if hasTestOverride && testOverride == "Y" {
 		// Used for BATS testing only. Typical usage will not hit this path, but we have many legacy tests which
 		// do not provide a user, and the DOLT_ENV_PWD is set to avoid the prompt.
-		return newParsedArgs, &UserPassword{Username: "root", Password: password}, nil
+		return newParsedArgs, &UserPassword{Unspecified: false}, nil
 	}
 
 	return nil, nil, fmt.Errorf("When a password is provided, a user must also be provided. Use the --user flag to provide a username")

go/cmd/dolt/commands/sqlserver/server.go

@@ -45,6 +45,10 @@ import (
 	"github.com/dolthub/dolt/go/libraries/doltcore/sqlserver"
 )
 
+const (
+	LocalConnectionUser = "__dolt_local_user__"
+)
+
 // Serve starts a MySQL-compatible server. Returns any errors that were encountered.
 func Serve(
 	ctx context.Context,
@@ -219,6 +223,8 @@ func Serve(
 	lck := env.NewDBLock(serverConfig.Port())
 	sqlserver.SetRunningServer(mySQLServer, &lck)
 
+	sqlEngine.GetUnderlyingEngine().Analyzer.Catalog.MySQLDb.AddSuperUser(LocalConnectionUser, "localhost", lck.Secret)
+
 	var metSrv *http.Server
 	if serverConfig.MetricsHost() != "" && serverConfig.MetricsPort() > 0 {
 		mux := http.NewServeMux()

go/cmd/dolt/commands/sqlserver/sqlserver.go

@@ -302,7 +302,7 @@ func GetClientConfig(cwdFS filesys.Filesys, creds *cli.UserPassword, apr *argpar
 	yamlCfg = cfg.(YAMLConfig)
 
 	// if command line user argument was given, replace yaml's user and password
-	if creds.Username != defaultUser || creds.Password != defaultPass {
+	if !creds.Unspecified {
 		yamlCfg.UserConfig.Name = &creds.Username
 		yamlCfg.UserConfig.Password = &creds.Password
 	}

go/cmd/dolt/dolt.go

@@ -608,6 +608,11 @@ func buildLateBinder(ctx context.Context, cwdFS filesys.Filesys, mrEnv *env.Mult
 			if verbose {
 				cli.Println("verbose: starting remote mode")
 			}
+
+			if creds.Unspecified {
+				creds = &cli.UserPassword{Username: sqlserver.LocalConnectionUser, Password: lock.Secret, Unspecified: true}
+			}
+
 			return sqlserver.BuildConnectionStringQueryist(ctx, cwdFS, creds, apr, lock.Port, useDb)
 		}
 	}