Support identifiers in SQL query templates #3141

Open
code-ape opened this issue Mar 21, 2024 · 0 comments
Labels
enhancement New feature or request

Comments

@code-ape

Problem Description

Is your feature request related to a problem? Please describe.

A common need when generating SQL queries is to dynamically template identifiers. For example, this allows for a single query to be written that can ORDER BY any column without worrying about injection attacks. Today this does not seem to be possible in SQLx except by .push() which is very high risk!

Solution Proposal

Describe the solution you'd like

Some way to have macros like query_as!() support this. I'm familiar with Knex.js's solution to this, which is that ? are safely templated to escaped values while ?? are safely templated to escaped values.

As an example, take the following template:

SELECT * WHERE id = ? ORDER BY ?? DESC

With the template values 1234 and my_column on Postgres this would generate:

SELECT * WHERE id = '1234' ORDER BY "my_column" DESC

Taking this a step further would be a way to inject keywords so DESC could be templated. Perhaps keywords could be identified by $$$ and things templated with it must implement some "keyword trait".

Alternatives Investigated

Describe alternatives you've considered

The only alternative today seems to be .push() which is dangerous and also not template friendly.

Additional context

  1. Note that each database dialect does escaping of values and identifiers differently, so the implementation would have to be database-specific.
  2. Reference to Knex.js "raw" system for its query builder: https://knexjs.org/guide/raw.html
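As an added example, not part of this issue or of SQLx itself, here is a minimal Rust renderer for the `?` / `??` / `$$$` template scheme sketched in the Solution Proposal, applying the Postgres quoting rules that note 1 above says would have to be dialect-specific. It assumes a schema-derived allow-list of identifier names (`allowed`, a hypothetical input), and it emits `$n` bind placeholders for `?` instead of inlining the literal `'1234'` shown in the Knex-style output.

```rust
// Added example (not SQLx code): renders the `?` / `??` / `$$$` template idea.

/// Quote a Postgres identifier: wrap in double quotes and double any
/// embedded double quote, so the value can never close the quoting.
fn quote_pg_identifier(name: &str) -> String {
    format!("\"{}\"", name.replace('"', "\"\""))
}

/// Closed set of sort keywords, standing in for the "keyword trait" the
/// issue sketches: only these two spellings can ever reach the SQL text.
#[derive(Clone, Copy, Debug, PartialEq)]
enum SortDir { Asc, Desc }

impl SortDir {
    fn as_sql(self) -> &'static str {
        match self { SortDir::Asc => "ASC", SortDir::Desc => "DESC" }
    }
}

/// Render a template. `??` consumes the next name from `idents`, rejects it
/// unless it is on the (assumed, schema-derived) allow-list `allowed`, then
/// quotes it; `$$$` consumes the next keyword; `?` becomes a Postgres `$n`
/// bind placeholder so values never enter the SQL text at all.
fn render(template: &str, idents: &[&str], allowed: &[&str], kws: &[SortDir])
    -> Result<String, String> {
    let (mut out, mut i, mut bind_n) = (String::new(), 0, 0);
    let (mut idents, mut kws) = (idents.iter(), kws.iter());
    while i < template.len() {
        let rest = &template[i..];
        let (piece, adv) = if rest.starts_with("$$$") {
            (kws.next().ok_or("missing keyword")?.as_sql().to_string(), 3)
        } else if rest.starts_with("??") {
            let name = *idents.next().ok_or("missing identifier")?;
            if !allowed.contains(&name) {
                return Err(format!("identifier not allowed: {name}"));
            }
            (quote_pg_identifier(name), 2)
        } else if rest.starts_with('?') {
            bind_n += 1;
            (format!("${bind_n}"), 1)
        } else {
            let c = rest.chars().next().unwrap();
            (c.to_string(), c.len_utf8())
        };
        out.push_str(&piece);
        i += adv;
    }
    Ok(out)
}
```

The allow-list is the primary control here; quoting is defence in depth for names that are legitimately odd (mixed case, spaces, embedded quotes).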
code-ape added the enhancement label Mar 21, 2024