Add built‑in guardrails to the _user blueprint so that the port_role field (and other security‑critical user fields) can only be modified by Admins, regardless of how _user blueprint permissions are configured. Catalog RBAC for _user should no longer be able to grant non‑admins the ability to change their own or others’ roles; any such attempt should be blocked with a clear error. The goal is to “bulletproof” the _user blueprint and prevent misconfiguration‑driven privilege escalation while keeping normal RBAC behavior for non‑sensitive user properties.