Move the logic preventing non-super-admins from deleting themselves into `map_meta_cap()`

[flixos90]

This is part of the #37616 task. In wp-admin/users.php there are two ! is_super_admin() checks to prevent non-super-admins from deleting themselves. This logic should rather be placed in map_meta_cap() instead of being duplicated in that file. Furthermore, since the mentioned ticket aims at removing is_super_admin() checks outside of map_meta_cap(), this will also fulfill that task's goal for these two occurrences.

See https://core.trac.wordpress.org/ticket/37616#comment:23

[jeremyfelt]

39063.diff​ looks like the right approach and the tests back it up.

It's worth noting that the only place this is enforced at the moment is in wp-admin/users.php, not directly in remove_user_from_blog(). This change effectively moves the enforcement to remove_user_from_blog(). It's possible, though unlikely, that a plugin allows a site administrator to remove themselves from the site and that this will break the expectation. For this reason, the attached tests fail when applied pre-patch.

I'm okay making the change, as it's the right thing to enforce/clarify and can still be filtered. It's also nice to have this solved now as it will be useful as part of improvements to users and multisite in the REST API.

[flixos90]

In 39588:

Multisite: Handle capability check for removing oneself via map_meta_cap().

Site administrators should not be able to remove themselves from a site. This moves the enforcement of this rule from wp-admin/users.php to remove_user_from_blog() via the remove_user capability, which furthermore allows us to get rid of two additional clauses and their is_super_admin() checks in wp-admin/users.php. A unit test for the new behavior has been added.

Fixes #39063. See #37616.