permissionsContext.setCommandContext(); dangerous in some contexts

[daneryl]

permissionsContext.setCommandContext() in some scenarios can result in the creation of an entity with the id of the fake user permissionsContext.setCommandContext(); sets saved into the permissions, not being a valid ObjectId, this will throw errors on future permissions operations.

A good first fix can be to properly validate at the DB level that we are saving an ObjectId, this will be a good indirect way to know that we are saving the wrong user, and most importantly we will have a quicker feedback, with the current implementation the problem is not obvious until any permission operations is performed, like trying to public an entity, which can happen days after or weeks.