fix(core): Client routes guest access bug

Adds a check for the existence of the "guest" role in the state configuration
that we're transitioning to, in the core $stateChangeStart event handler. If
it exists, then we allow access.

Also, added validation of Authentication.user object. While writing
tests, I ran into an issue here when the Authentication service wasn't injected
into a controller. Probably best to have this check in place.

Fixes https://github.com/meanjs/mean/issues/1098

modules/core/client/app/init.js

@@ -19,7 +19,7 @@ angular.module(ApplicationConfiguration.applicationModuleName).run(function ($ro
     if (toState.data && toState.data.roles && toState.data.roles.length > 0) {
       var allowed = false;
       toState.data.roles.forEach(function (role) {
-        if (Authentication.user.roles !== undefined && Authentication.user.roles.indexOf(role) !== -1) {
+        if ((role === 'guest') || (Authentication.user && Authentication.user.roles !== undefined && Authentication.user.roles.indexOf(role) !== -1)) {
           allowed = true;
           return true;
         }