Remove all uses of hardcoded "system" and "Administrator" usernames

There are many hardcoded checks for a username "system" or "Administrator" (depending on places).

• "system" should never be seen from the outside, it's an internal marker for unrestricted sessions, if needed it can be replaced with a string we're sure can never be used as an actual login name,
• "Administrator" should be replaced by the use of NuxeoPrincipal.isAdministrator().