The category is loaded using

$categories = JCategories::getInstance('Content', $options);
$this->_item = $categories->get($this->getState('category.id', 'root'));

See https://github.com/joomla/joomla-cms/blob/staging/components/com_content/models/category.php#L356-L357

which is running already an access check:

if ($this->_options['access'])
{
    $query->where('c.access IN (' . implode(',', $user->getAuthorisedViewLevels()) . ')');
}

See https://github.com/joomla/joomla-cms/blob/staging/libraries/legacy/categories/categories.php#L237-L240

as you see it is an option which can be set. It defaults to true (set in the constructor).

So you would have to disable the access check in the model.if you want to do the check it in the view. Adding that line $options['access'] = false; before the code in the model should do it. But I have no clue what side effects that could produce.

did what you suggest (I think) but to no effect. $category is still null

$options['access'] = false;
$categories = JCategories::getInstance('Content', $options);
$this->_item = $categories->get($this->getState('category.id', 'root'));

in https://github.com/joomla/joomla-cms/blob/staging/components/com_content/models/category.php#L356-L357 should work. At least it did for me when testing with com_content.
Other extensions may need similar code.

Indeed, this works, but as I tested further, I discovered another bug (with or without this code)
Make a Home menu item displaying a featured article view.
The featured articles all belong to a registered category.
The articles will display...

Note: with the new code, there are indeed consequences: displaying public parent category will also display link to registered category. (In the case above it redirected to home page)

Make a Home menu item displaying a featured article view.
The featured articles all belong to a registered category.
The articles will display...

Isn't that quite a stupid setup to begin with? If the home menu item isn't supposed to show public articles/categories, what should it show to guests then? Just an error message?

Ok, take it like this then:
A home featured menu item is displaying many articles from public/published categories, but will also display the ones from the registered category.

The question is simply: should the items contained in a category —to which one has no access— be displayed or not on a joomla site?

A home featured menu item is displaying many articles from public/published categories, but will also display the ones from the registered category.
The question is simply: should the items contained in a category —to which one has no access— be displayed or not on a joomla site?

=> It seems it is controlled by the "Show Unauthorised Links" parameter of the menu item (in Options tab). If you set it to No (I think it is default behavior), these articles won't be showed.

closing because we have a PR #11624