php · thorsten/phpmyfaq · Critical
phpMyFAQ 4.1.3: Missing authorization in editUser and updateUserRights allows privilege escalation
What changed
Two sibling endpoints in phpMyFAQ 4.1.3 lack authorization guards and allow privilege escalation: editUser() and updateUserRights() do not enforce the SuperAdmin-only invariant that was added to overwritePassword(), so an admin who merely holds the delegable edit_user permission can reach the same privileged state changes that overwritePassword() now refuses.
Who it affects
All installations of phpMyFAQ <= 4.1.3 in which more than one admin user exists and the delegable edit_user permission has been granted to an account that is not a SuperAdmin.
What to do today
Apply the recommended fix: add SuperAdmin checks to editUser() and updateUserRights() so that non-SuperAdmin users can neither set is_superadmin nor grant arbitrary rights. The check must be evaluated against the authenticated session user, never against anything in the request body. Until the fix is deployed, restrict the edit_user permission to SuperAdmin accounts, since the escalation requires a non-SuperAdmin user who holds it.
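The following is an added illustration of the guard described above, not phpMyFAQ's own code. The class, method and property names (User, UserAdminController, isSuperAdmin, requireSuperAdmin, the userStore array) are assumptions chosen for the example; the real project's API differs. It places a vulnerable handler that only checks the delegable edit_user right next to hardened versions of editUser() and updateUserRights() that enforce the SuperAdmin-only invariant on the session user, and additionally stop a non-SuperAdmin from granting rights they do not hold themselves.

```php
<?php
// Added example, not phpMyFAQ code. All names below are assumptions.
declare(strict_types=1);

final class User
{
    /** @param string[] $rights */
    public function __construct(
        public readonly int $id,
        public bool $isSuperAdmin,
        public array $rights,
    ) {}
}

final class AuthorizationException extends RuntimeException {}

final class UserAdminController
{
    /** @param array<int, User> $userStore */
    public function __construct(
        private User $currentUser,   // authenticated session user, never request data
        private array $userStore,    // holds User objects, so edits are visible to the caller
    ) {}

    // Vulnerable shape: only the delegable edit_user right is checked, so any
    // admin holding it can flip is_superadmin on any account, including their own.
    public function editUserUnguarded(int $targetId, array $payload): void
    {
        $this->requireRight('edit_user');
        $target = $this->userStore[$targetId];
        if (array_key_exists('is_superadmin', $payload)) {
            $target->isSuperAdmin = (bool) $payload['is_superadmin'];
        }
    }

    // Hardened shape: touching is_superadmin requires SuperAdmin, whatever
    // the caller's edit_user right would otherwise allow.
    public function editUser(int $targetId, array $payload): void
    {
        $this->requireRight('edit_user');
        $target = $this->userStore[$targetId];
        if (array_key_exists('is_superadmin', $payload)) {
            $this->requireSuperAdmin();
            $target->isSuperAdmin = (bool) $payload['is_superadmin'];
        }
        // other, non-privileged profile fields would be applied here
    }

    /** @param string[] $rights */
    public function updateUserRights(int $targetId, array $rights): void
    {
        $this->requireRight('edit_user');
        $target = $this->userStore[$targetId];

        if ($target->isSuperAdmin && !$this->currentUser->isSuperAdmin) {
            throw new AuthorizationException('only a SuperAdmin may change a SuperAdmin\'s rights');
        }
        // A non-SuperAdmin may only grant rights they hold themselves.
        $escalating = array_diff($rights, $this->currentUser->rights);
        if ($escalating !== []) {
            $this->requireSuperAdmin();
        }
        $target->rights = array_values(array_unique($rights));
    }

    private function requireRight(string $right): void
    {
        if (!$this->currentUser->isSuperAdmin && !in_array($right, $this->currentUser->rights, true)) {
            throw new AuthorizationException("missing right: $right");
        }
    }

    private function requireSuperAdmin(): void
    {
        if (!$this->currentUser->isSuperAdmin) {
            throw new AuthorizationException('SuperAdmin required');
        }
    }
}

// Constructed sample data: admin #2 holds edit_user but is not a SuperAdmin.
$store = [
    1 => new User(1, true,  ['edit_user', 'edit_config']),
    2 => new User(2, false, ['edit_user']),
];
$ctl = new UserAdminController($store[2], $store);

$ctl->editUserUnguarded(2, ['is_superadmin' => true]);   // succeeds: self-promotion
echo 'unguarded: user 2 superadmin = ', var_export($store[2]->isSuperAdmin, true), "\n";
$store[2]->isSuperAdmin = false;                         // reset before the guarded runs

try {
    $ctl->editUser(2, ['is_superadmin' => true]);
} catch (AuthorizationException $e) {
    echo "guarded editUser blocked: {$e->getMessage()}\n";
}
try {
    $ctl->updateUserRights(2, ['edit_user', 'edit_config']);
} catch (AuthorizationException $e) {
    echo "guarded updateUserRights blocked: {$e->getMessage()}\n";
}
```

Two design points matter beyond the single SuperAdmin check. First, the guard keys off the session user object, so a crafted request cannot influence it. Second, updateUserRights() refuses any right the caller does not already hold, which closes the adjacent path of a non-SuperAdmin granting a right that itself leads to SuperAdmin-equivalent access.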