Change default attribute permission

[skvrnami]

Change default user permission regarding modifying attributes so that ordinary users cannot create new attributes, but can only set up their own user attributes.

[hlageek]

This PR goes against the logic of deriving permission for modifying user attributes from the role in a project rather than from permissions to modify (i.e. define) attributes of any kind. I suggest this PR be closed if my assessment is correct. @skvrnami