docs(permissions): Clarify userUpdate permission scope

Updated the documentation for the `user.update` permission to explicitly state it is an administrator-level permission, distinguishing it from `user.update_owned`.

Author: fulleni

lib/src/rbac/permissions.dart

@@ -44,12 +44,11 @@ abstract class Permissions {
   // Allows deleting the authenticated user's own account
   static const String userDeleteOwned = 'user.delete_owned';
 
-  // Allows creating a new user (admin-only).
-  static const String userCreate = 'user.create';
+
   // Allows updating any user's profile (admin-only).
+  // This is distinct from `userUpdateOwned`, which allows a user to update
+  // their own record.
   static const String userUpdate = 'user.update';
-  // Allows deleting any user's account (admin-only).
-  static const String userDelete = 'user.delete';
 
   // User App Settings Permissions (User-owned)
   static const String userAppSettingsReadOwned = 'user_app_settings.read_owned';