fix: add missing /profile page to read_only and normal_user permission sets

Both permission sets allow User:update :own, so users should be able
to access their profile page. This makes the implementation consistent
with the documentation and the logical permission model.

test/mv/authorization/permission_sets_test.exs

@@ -247,6 +247,7 @@ defmodule Mv.Authorization.PermissionSetsTest do
       permissions = PermissionSets.get_permissions(:read_only)
 
       assert "/" in permissions.pages
+      assert "/profile" in permissions.pages
       assert "/members" in permissions.pages
       assert "/members/:id" in permissions.pages
       assert "/custom_field_values" in permissions.pages
@@ -349,6 +350,7 @@ defmodule Mv.Authorization.PermissionSetsTest do
       permissions = PermissionSets.get_permissions(:normal_user)
 
       assert "/" in permissions.pages
+      assert "/profile" in permissions.pages
       assert "/members" in permissions.pages
       assert "/members/new" in permissions.pages
       assert "/members/:id" in permissions.pages