`ModuleHost::call_identity_connected`: when no `client_connected` reducer exists, broadcast the TX that inserts into `client_connected`.

[gefjon]

Per discussion in #2983 . In ModuleHost::call_identity_connected, in the path where no client_connected reducer exists, we create a transaction which inserts into st_client (and as of the linked PR, also st_connection_credentials and commit it, but never broadcast that commit to subscribers. (Broadcasting is handled by the call reducer machinery in the other branch.) This is technically a bug, as clients which subscribe to system tables will observe inconsistent results. It's low-prio because our client SDKs cannot subscribe to system tables anyways (no bindings), and we don't document the system table interface publicly.

Alternatively, we could decide that the relevant system tables (st_client and st_connection_credentials) should be public. In that case, we should make them not ever subscribe-able, add a (smoke?) test that attempting to subscribe to them via the CLI or a raw websocket as non-owner fails, and then add a comment to this branch in call_identity_connected that we are not broadcasting on purpose.