#5843 Admin shouldn't override tool level permissions
We've had a couple cases where users have wanted to lock down writes to a repo from admins, usually just to prevent accidental writes, only to find that being a Project Admin would override that.
I think it would be better for the the tool level permissions to work as displayed, though this would simply be for preventing accidental writes, since a project admin should be able to just re-add the necessary permissions.
Perhaps a confirmation dialog when removing Admin from a tool level permission would be in order.
We also need to be careful when we make this change, so as not to subvert expectations from projects who expect the current permissions mechanisms. Perhaps we should script adding in "Admin" to any tool level permission that had it removed prior to making this change? It would seem odd to me that a project would intentionally remove that Admin permissions and expect it to still work.