Protect renderers and renderer prototypes

[Witiko]

Markdown renderers and renderer prototypes may appear in the table of contents, floats, and notes. Therefore, they should be defined as protected by default.

[Witiko]

As shown in the CI from #506, this feature needs more time in the oven, since we don't want to protect renderers that are used outside typesetting such as the renderers used in tests:

We would need an interface along the following lines:

• \markdownSetup{renderers/rendererPrototypes={name/glob (+)= {...}}} defines protected commands by default.
• \markdownSetup{renderers/rendererPrototypes={!name/glob (+)= {...}}} defines unprotected commands. This would be used in tests and in contexts where the renderers are not used for typesetting and/or need to expand.

Of course, the prefix ! is arbitrary and can be replaced with a more intuitive signifier.

Alternatively, we could also add new top-level keys unprotectedRenderers and unprotectedRendererPrototypes. This would keep us from extending the already-overloaded syntax for renderer (prototype) names / blobs.

On the first glance, we might also want to be able to (un)protect (potentially all) renderers and renderer prototypes in certain scenarios using e.g. \markdownSetup{(un)protectRenderers/RendererPrototypes = {name/glob, name/glob, ...}}. However, since we would likely use different renderers inside and outside typesetting, (un)protecting renderers seems less useful and potentially a source of slow-down. Therefore, I would delay this addition until it is needed.

Furthermore, many default definitions from plain TeX are not protected in #506. We should likely replace all uses of \def, \newcommand, and similar in files markdownthemewitiko_markdown_defaults.tex, markdownthemewitiko_markdown_defaults.sty, and t-markdownthemewitiko_markdown_defaults.tex with \cs_gset_protected:Npn.