Fix a few issues with public receiver which include:

* Make Retraction be allowed to be received publicly (probably just never used before anywhere)
* Since public receiver bypasses @object.receive in some cases add the author signature verification for relayables to protect from relayables forgery
* xml_author was wrong in some cases for RelayableRetraction