Use hard-coded UUID for base documents and gallery folder?

During the implementation of ARCHE-541, we discussed if the archetype's content sources for bootstrapping /content/documents/<project-name> and /content/gallery/<project-name> should include a UUID or not.

If they have a UUID, the UUID of these nodes will be identical for all Hippo projects (unless a developer changes them manually), potentially constituting a security vulnerability.

If they don't have a UUID, a UUID will be generated on bootstrapping, and auto-export will add that UUID to the content sources, so they will still be the same across all environments into which the project is deployed (which is a much smaller, probably negligible security vulnerability). Also, if the original, clean project is put under VCS, auto-export adding the UUID will show up as a local - probably unexpected - source code change.

Currently, the UUID is there.