  1. XWiki Platform
  2. XWIKI-20393

Force context author to be guest in case of restricted execution


Details

    • Improvement
    • Resolution: Unresolved
    • Major
    • None
    • 13.10.10
    • Old Core
    • None
    • Unknown

    Description

      Right now, the way restricted context works, it's transformations (and especially macros) which have to take it into account. Since the point of using the restricted context is that we don't trust the context author, we could also protect it even more and set the context author to guest.

      One difficulty with that is the fact that right now it's not possible to tell the difference between "there is no context user" and "the context user is guest" with the reference returned by XWikiContext#getAuthorReference(), but fortunately we can tell the difference from the way the context author is actually stored in the context. So the solution for it would be to start by deprecating XWikiContext#getAuthorReference() and replacing it with an API which returns a UserReference (which is something we need to do anyway), since UserReference does make the difference between "no user" and "guest user".
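
      The ambiguity described above, as an added example that is not part of the original issue and not XWiki code: a simplified model in which a null-returning getter conflates "no author" with "guest", while a typed reference keeps them apart and lets restricted execution force guest. The `UserRef` and `Context` types, the method names and the privileged-code policy are hypothetical stand-ins, not the real XWikiContext or UserReference APIs.

```java
import java.util.Optional;

public class RestrictedAuthorDemo {
    /** Hypothetical stand-in for a user reference type with an explicit guest value. */
    record UserRef(String id) {
        static final UserRef GUEST = new UserRef("guest");
        boolean isGuest() { return this == GUEST; }
    }

    /** Hypothetical, simplified execution context (not the real XWikiContext). */
    static final class Context {
        private Optional<UserRef> author = Optional.empty(); // empty = no author set
        private boolean restricted;

        void setAuthor(UserRef ref) { author = Optional.ofNullable(ref); }
        void setRestricted(boolean value) { restricted = value; }

        /** Legacy-style getter: null stands for both "no author" and "guest". */
        String legacyAuthor() {
            return author.filter(a -> !a.isGuest()).map(UserRef::id).orElse(null);
        }

        /** Proposed-style getter: restricted execution always reports guest. */
        Optional<UserRef> effectiveAuthor() {
            return restricted ? Optional.of(UserRef.GUEST) : author;
        }
    }

    /** Assumed policy for this demo: only a named, non-guest author may run privileged code. */
    static boolean mayRunPrivileged(Context ctx) {
        return ctx.effectiveAuthor().map(a -> !a.isGuest()).orElse(false);
    }

    public static void main(String[] args) {
        Context unset = new Context();
        Context guest = new Context();
        guest.setAuthor(UserRef.GUEST);
        Context restrictedAdmin = new Context();
        restrictedAdmin.setAuthor(new UserRef("xwiki:XWiki.Admin")); // constructed sample value
        restrictedAdmin.setRestricted(true);

        // The legacy getter returns the same value for the unset and the guest context.
        System.out.println(unset.legacyAuthor() + " / " + guest.legacyAuthor());
        // The typed getter keeps "no author" and "guest" distinguishable.
        System.out.println(unset.effectiveAuthor() + " / " + guest.effectiveAuthor());
        // Under restricted execution the stored author is hidden behind guest.
        System.out.println(mayRunPrivileged(restrictedAdmin));
    }
}
```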


          People

            Unassigned Unassigned
            tmortagne Thomas Mortagne