security hotfix: actor containment

It was reported to us that a user was able to spoof an activity by manipulating attributedTo. This demotes the level of trust given to attributedTo appropriately and tests that actor cannot be rewritten by Transmogrifier later.