Make sure settings writes are permission checked correctly

The last bit of undoing the earlier tangle around query results having
observers under the calling user's identity.  We do *not* want to drop
calling identity in the call() processing; we want the table-based
permission checks at the point of the underlying db operations to be
performed against that identity.

Bug 7265610

Change-Id: Ie0c9331ebd0918262a0a32b5b03b876fc2a92ca3