security: remove is_system_role from public API

Remove is_system_role from accept lists in create_role and update_role
actions. This field should only be set via seeds or internal actions to
prevent users from creating unkillable roles through the public API.

priv/resource_snapshots/repo/users/20260106161215.json

@@ -99,7 +99,7 @@
           "strategy": null
         },
         "name": "users_role_id_fkey",
-        "on_delete": null,
+        "on_delete": "restrict",
         "on_update": null,
         "primary_key?": true,
         "schema": "public",