worldcubeassociation.org

Admins should opt in to elevated permissions only when needed

Open dunkOnIT opened this issue 2 years ago • 0 comments

When performing duties at a competition, site admins usually don't need the full scope of their permissions to execute their duties. There is also an increased danger of abuse if they leave their logged-in device unattended - a realistic scenario at a busy competition where an admin might be performing a crucial role.

Implementation ideas:

  • Admins get a "Toggle permissions" setting on their profile
  • Decreasing permissions can be done without authentication
  • Elevating permissions requires password and 2FA

dunkOnIT, Aug 28 '23 09:08
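
The step-up model proposed in this issue, as an added example that is not WCA code: sessions start unelevated, dropping permissions is unauthenticated, and elevating checks password and TOTP together. All names, the PBKDF2 password check, the inline RFC 6238 TOTP and the 15-minute expiry are assumptions made for illustration.

```ruby
require "openssl"

# Hypothetical names throughout. PBKDF2 and the inline TOTP stand in for the
# site's real password and 2FA checks; the expiry is an assumption.
ELEVATION_TTL = 15 * 60
ADMIN_ACTIONS = %i[edit_any_user delete_competition].freeze # constructed list

# Comparison whose running time does not depend on where the inputs differ.
def secure_eq(a, b)
  a.bytesize == b.bytesize && a.bytes.zip(b.bytes).sum { |x, y| x ^ y }.zero?
end

def pbkdf2(password, salt)
  OpenSSL::PKCS5.pbkdf2_hmac(password, salt, 100_000, 32, OpenSSL::Digest.new("SHA256"))
end

# RFC 6238 TOTP with HMAC-SHA1 and a 30 second step.
def totp(secret, time, digits = 6)
  mac = OpenSSL::HMAC.digest(OpenSSL::Digest.new("SHA1"), secret, [time.to_i / 30].pack("Q>"))
  code = mac[mac[-1].ord & 0x0f, 4].unpack1("N") & 0x7fffffff
  format("%0#{digits}d", code % 10**digits)
end

class AdminSession
  def initialize(user)
    @user = user          # hash with :salt, :password_digest, :totp_secret
    @elevated_until = nil # every session starts without admin powers
  end

  def elevated?(now)
    !@elevated_until.nil? && now < @elevated_until
  end

  # Decreasing permissions requires no authentication.
  def drop!
    @elevated_until = nil
  end

  # Elevating requires password AND 2FA. Both are always evaluated so a
  # failure does not reveal which factor was wrong.
  def elevate!(password:, otp:, now:)
    pw_ok  = secure_eq(pbkdf2(password, @user[:salt]), @user[:password_digest])
    otp_ok = secure_eq(totp(@user[:totp_secret], now), otp.to_s)
    return false unless pw_ok && otp_ok
    @elevated_until = now + ELEVATION_TTL
    true
  end

  # Admin actions are denied unless the session is currently elevated.
  def allowed?(action, now)
    !ADMIN_ACTIONS.include?(action) || elevated?(now)
  end
end
```

Here `now` is epoch seconds passed in by the caller, which keeps the expiry and the TOTP window testable.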