Very similar to T260631: BotPasswords doesn't validate length of resultant bp_restrictions JSON, but for bp_grants
If you for some reason had many many many many grants.... IT would be possible to end up with JSON longer than MySQL BLOB...
As such, in the same way as T260631, the length should be validated and an error thrown if it's too long
Technically blocks T108255: Enable MariaDB/MySQL's Strict Mode