Docs: note User-Member Linking enforcement in code

- update_user restricted via ActorIsAdmin; Form gates Member-Linking UI

lib/mv/authorization/permission_sets.ex

@@ -120,7 +120,6 @@ defmodule Mv.Authorization.PermissionSets do
       pages: [
         # No "/" - Mitglied must not see member index at root (same content as /members).
         # Own profile (sidebar links to /users/:id) and own user edit
-        "/profile",
         "/users/:id",
         "/users/:id/edit",
         "/users/:id/show/edit",
@@ -156,7 +155,6 @@ defmodule Mv.Authorization.PermissionSets do
       pages: [
         "/",
         # Own profile (sidebar links to /users/:id; redirect target must be allowed)
-        "/profile",
         "/users/:id",
         "/users/:id/edit",
         "/users/:id/show/edit",
@@ -206,7 +204,6 @@ defmodule Mv.Authorization.PermissionSets do
       pages: [
         "/",
         # Own profile (sidebar links to /users/:id; redirect target must be allowed)
-        "/profile",
         "/users/:id",
         "/users/:id/edit",
         "/users/:id/show/edit",

lib/mv_web/live/user_live/form.ex

@@ -95,7 +95,7 @@ defmodule MvWeb.UserLive.Form do
                 </ul>
               </div>
 
-              <%= if @user do %>
+              <%= if @user && @can_manage_member_linking do %>
                 <div class="p-3 mt-3 border border-orange-200 rounded bg-orange-50">
                   <p class="text-sm text-orange-800">
                     <strong>{gettext("Admin Note")}:</strong> {gettext(