[3.0.1 Backport] Option to make GUEST access read-only

Add a database-level config flag for the GUEST user to enforce read-only access.

When this flag is set, any writes performed by the GUEST should return an error indicating that GUEST is limited to read-only.  This should be done as early in the write process as possible, but should also be late enough in the process to ensure there aren't any ways to bypass the check.