A routine use of `PhabricatorUser::getOmnipotentUser()` is loading related objects inside `destroyObjectPermanently()`, so they can also be destroyed.
This is correct, but makes it more difficult to audit calls to `getOmnipotentUser()` because it adds several of them to many applications. It seems desirable to organize these calls as much as possible, as their misuse can cause major policy violations.
It would be cleaner to provide a `getViewer()` method on the `$engine` (which just returns the omnipotent user), then call that. This would leave us with fewer hits for `git grep -i getOmnipotentUser` and generally better organization of access to omnipotence.