[Panel] Only admin should be able to create admin users

[texnixe]

Describe the bug
Currently, when creating new users, there is no way to limit the roles a user with permissions to create other users can assign (at least I'm not aware of it). But this looks like a security issue to me, because non-admin users with a right to create new admin users can thus effectively make themselves admins by logging in as this newly created user.

To Reproduce
Steps to reproduce the behavior:

1. Create a new user role, e.g. Editor with permissions to create users
2. Create a new user with the Editor role
3. Log in as this editor user
4. Create a new user
5. See how this editor can create a user with any user role including admin users.

Expected behavior
A user with a given role should not be able to create admin users (and in fact it should be possible to define a set of roles this user can assign to a new user, see getkirby/ideas#316

Screenshots
If applicable, add screenshots to help explain your problem.

Kirby Version
3.2.0rc2

[bastianallgeier]

✅