Zero is not the default for those settings: if that’s what they’re set to, it indicates that the GC situation on your server is probably the setup I described: PHP’s default system is disabled and there is probably a cron or something else cleaning the sessions, which won’t clear out Omeka’s session data.
The PHP session system uses a cookie that just stores the session ID for the user, the actual data is stored on the server. As for why sessions are created for users who don’t log in, that’s just the way the authentication system we get from Zend works: we have to turn on the session to see if the user is logged in, and for users who aren’t, that sets a cookie and creates and saves a stored session. The Omeka core really doesn’t use sessions for anything for anonymous users, though plugins would be free to do so (sessions work just fine for anonymous users… I don’t know off the top of my head if we have any plugins that are really doing this, though). The crawlers are probably just throwing away the cookies, so they’re getting a new session on every request.
I think it would be possible to alter the way the authentication and/or session systems work to not create rows for “empty” sessions with no information associated… but there could/would be side effects, like actual anonymous users possibly getting a new session cookie on every request, so it’s not necessarily a trivial change to make.