First I thought in the bold marked area is always the address of the receiver
in a way the whole script is the "address of the receiver". an address is the same as these scripts but in a user friendly way. you take the hash and encode it with a version to indicate type of the script. the OP codes are the same if you know the type.
but know after analyzing some blockchain transactions I found out that the public key is provided (I guess it is).
the public key (and the signature) are provided in the script signature part (or the witness in SegWit transactions).
When someone sends me his address, how is it possible to get the public key since hashes are irreversible? Is it the hex of the address?
you don't need their public key and it is impossible to get it from the hash. (address only contains that hash).
The unlocking script is clear to me. But what is acctually signed? The txid?
the receiver signs the transaction not you so they provide the public key and since they have the private key they can provide the public key too.
what is being signed is the transaction itself but with some modifications. for example for a simple P2PKH that you posted above the script pub is placed inside scriptsig and the rest of the inputs (if present) are set to empty scriptsigs. then the sighash byte is added at the end as 4 bytes and the whole thing is hashed twice with SHA256 and then that hash is signed.
see
https://bitcoin.stackexchange.com/questions/32628/redeeming-a-raw-transaction-step-by-step-example-requiredbut there are a lot more details about signing transactions based on the type of the input being spent.