Describe the bug
In /exist-core/src/main/java/org/exist/xquery/functions/securitymanager/IdFunction.java an NPE can occur when the sm:id() function is called. This happens when context.getRealUser() returns null.

Expected behavior
When context.getRealUser() returns null, the <sm:real> element should be empty, or absent.

To Reproduce
This happens when an XQuery script is called from a web application, after eXist has been restarted. However, I cannot come up with a simple reliable example.

Context (please always complete the following information):

• OS: Windows
• eXist-db version: 6.1
• Java Version 8 and 11

Additional context
The NPE occurs in

    private void subjectToXml(final MemTreeBuilder builder, final Subject subject) {
        builder.startElement(new QName("username", SecurityManagerModule.NAMESPACE_URI, SecurityManagerModule.PREFIX), null);
        builder.characters(subject.getName());
    ...
  }

Here, subject may be null, since is is obtained from context.getRealUser(), which may be null.

Proposed fix
I will make a PR, with a proposed solution avoiding the NPE.