lemur: Insufficient authorization in PUT /api/1/roles/<id> allows role modification by any member
The PUT /api/1/roles/<id> endpoint in lemur/roles/views.
What changed
The PUT /api/1/roles/<id> endpoint in lemur/roles/views.py allows any member of a role to modify that role's name and membership list, because its authorization check is insufficient: it only checks RoleMemberPermission, which is OR-semantic and passes for either an admin or a member of the role. The DELETE endpoint correctly requires admin permission.
Who it affects
All Lemur installations where non-admin users are members of roles that confer certificate or authority access. An attacker who is a member of such a role can add or remove other users, rename the role, and laterally escalate privileges.
What to do today
Apply the remediation by adding the @admin_permission.require(http_exception=403) decorator to the put method in lemur/roles/views.py, mirroring the delete handler. Alternatively, if selective delegation is intended, implement a dedicated permission class for role ownership.
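To make the gap and the fix concrete, here is an added, self-contained Python model that is not Lemur's code: Permission, admin_permission and role_member_permission are hypothetical stand-ins for flask-principal's Permission and Lemur's RoleMemberPermission / admin_permission, the caller's identity is passed as an explicit argument instead of a request global, and the role store is constructed sample data. vulnerable_put shows the member-only check; fixed_put adds the admin decorator first, as the advisory recommends.

```python
from functools import wraps

class Forbidden(Exception):
    """Stands in for the HTTP 403 raised by permission.require()."""

class Permission:
    """Stand-in for flask-principal's Permission; identity is passed explicitly."""

    def __init__(self, check):
        self._check = check  # callable(identity) -> bool

    def can(self, identity):
        return self._check(identity)

    def require(self, http_exception=403):
        # Decorator form, mirroring the require(http_exception=403) usage.
        def decorator(fn):
            @wraps(fn)
            def wrapper(identity, *args, **kwargs):
                if not self.can(identity):
                    raise Forbidden(http_exception)
                return fn(identity, *args, **kwargs)
            return wrapper
        return decorator

admin_permission = Permission(lambda ident: ident.get("admin", False))

def role_member_permission(role_id):
    # OR-semantic check: passes for an admin OR for any member of the role.
    return Permission(lambda ident: ident.get("admin", False)
                      or role_id in ident.get("roles", ()))

def fresh_roles():
    # Constructed sample role store; a new copy per call keeps cases isolated.
    return {7: {"name": "certificate-admins", "users": ["alice"]}}

def vulnerable_put(identity, roles, role_id, data):
    # Before the fix: membership alone is enough to rename or edit the role.
    if not role_member_permission(role_id).can(identity):
        raise Forbidden(403)
    roles[role_id].update(data)
    return roles[role_id]

@admin_permission.require(http_exception=403)
def fixed_put(identity, roles, role_id, data):
    # After the fix: the admin decorator runs first, as on the delete handler.
    if not role_member_permission(role_id).can(identity):
        raise Forbidden(403)
    roles[role_id].update(data)
    return roles[role_id]
```

With the decorator in place a plain member receives 403 before the handler body runs, while an admin can still edit the role; the same ordering is what the delete handler already enforces.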