Feature request: Better role managing permissions

We need a feature/role which can only give and remove roles from users (below the direct role, not the highest role) to better implement role adding/removing without the option to delete roles and damage the server. With that also `untrusted persons can manage server parts without risking roles getting damaged/deleted.