When spawning an activity, store the current security context's user in the Message object itself, so the activity security context can be re-created with the same security during activity execution.
This allows a user to be modified (different groups, global roles, maybe removed altogether) after they spawned activities and before these activities could run.
It also means that any temporary custom group or global role granted to that user (by a privilege elevation mechanism out of the scope of this change) will still be effective during the activity execution.
This follows the principle that foo.activate(...).bar(...) should be equivalent to its "immediate execution" version foo.bar(...) by ensuring that the security context of the activity is the same as the one which was applied to the code which spawned that activity, independently of any intermediate configuration change - hence improving (deferred and fragmentary) transaction isolation.
This also removes the need to look the user up, then looking up their assignments (and other documents involved in group computation), etc, saving the cost of these calls.
Also, remove redundant user_name argument of Message.changeUser method.