Gallery2:Design Documents:Default Guest Permissions - Gallery Codex
Default Guest Permissions
- Summary: Set secure default permissions for guest users.
- Reference: G2 Task 144955
Challenge
- The default policy is to give creators of items full access to the items they own.
- Some admins don't understand the implications of giving guests "add item / album", "edit item" or "all access" permissions.
- The guest account is shared by everyone, so giving guest permission to edit something means giving everyone permission to change things created by everyone else.
- Therefore we need to make an exception for guest users and give them a minimal set of permissions, e.g. not giving the guest user any special permissions even if it is the owner / creator of an item / comment.
Measures
- Instead of giving full access, by default give guests very restrictive access to items owned by the guest user.
- Maybe even make this configurable (site-wide default permission rules for guests).
- Add a "Security" page in site admin to report the current status and warn about misconfigurations.
Implementation
- Centralize default permissions (default permissions for albums are still set in different places)
- In GalleryItem::save, set the permissions restrictively if guest is the owner
- Add a "Security" site admin view to report:
  - Items with public edit/delete permissions
  - config.php permissions
  - g2data web-accessible
  - Base URL settings
  - etc.
- Add some UI to configure default guest permissions for guest-owned items
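
The first three checks proposed for the "Security" view can be sketched as follows. This is an added example, not Gallery2 code: the permission names, the principal names `guest` and `everybody`, the ACL layout and the rule for what counts as a bad config.php mode are all assumptions made for illustration.

```python
import os
import stat

# Hypothetical permission names standing in for the page's "add item / album",
# "edit item", delete and "all access"; they are not Gallery2's identifiers.
WRITE_PERMS = {"add_item", "add_album", "edit", "delete", "all"}
PUBLIC = {"guest", "everybody"}  # assumed names: shared guest user, public group

# Constructed sample: item 12 was created by guest, so the owner default
# described under "Challenge" handed the shared account full access.
SAMPLE_ACL = {
    7: {"alice": {"all"}, "everybody": {"view"}},
    12: {"guest": {"all"}, "everybody": {"view"}},
    31: {"bob": {"all"}, "everybody": {"view", "add_item", "edit"}},
}

def public_write_items(acl):
    """Map item id -> sorted write permissions held by guest or the public group."""
    findings = {}
    for item_id, grants in acl.items():
        exposed = set()
        for principal, perms in grants.items():
            if principal in PUBLIC:
                exposed |= perms & WRITE_PERMS
        if exposed:
            findings[item_id] = sorted(exposed)
    return findings

def config_mode_problems(mode):
    """Flag a config.php mode that lets group or other users rewrite the file."""
    checks = ((stat.S_IWGRP, "group-writable"), (stat.S_IWOTH, "world-writable"))
    return [label for bit, label in checks if mode & bit]

def data_dir_under_doc_root(data_dir, doc_root):
    """True if g2data resolves inside the document root (symlinks followed).
    False does not prove safety: an alias can still expose an outside path."""
    data, root = os.path.realpath(data_dir), os.path.realpath(doc_root)
    return os.path.commonpath([data, root]) == root

if __name__ == "__main__":
    for item_id, perms in public_write_items(SAMPLE_ACL).items():
        print(f"item {item_id}: public write access via {', '.join(perms)}")
```

On the sample data the report lists item 12 (guest-owned, full access) and item 31 (public add and edit), which are the two cases the "Challenge" section describes.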