RR*,
Tim has pointed you to two TechNotes aof mine which spell out how to configure CPPM + PANW. One of the doc clearly discusses some more advanced deployments utilizing PAN HIP Objects.
To answer your speciic question, YES, we will send the guest userid (P.S. we never send the password) to the PANW and the PANW can then enforce a policy based upon the userid or lots of other attributes we send, that can be used to limit this user from download/streaming content.