Use a "daemon" role (a non-login role for this dedicated purpose) that owns the trigger function in combination with SECURITY DEFINER
And grant the necessary privileges on t1
to it.
Details in these related questions:
Is there a way to disable updates/deletes but still allow triggers to perform them?
Allow insertion only from within a trigger