Basically the same as T260633: BotPasswords doesn't validate length of resultant bp_grants JSON
The length of oarc_grants is not validated before it's inserted into the DB
So if "too many" grants are selected (and/or too many with long names) and end up with truncated JSON
Technically blocks T108255: Enable MariaDB/MySQL's Strict Mode. See also {T260635}