statamic / cms

The core Laravel CMS Composer package
https://statamic.com

Navigation Permissions - Editable items when not allowed #8184

Closed PatrickJunod closed 8 months ago

PatrickJunod commented 1 year ago

### Bug description

Users are still able to remove/edit navigation items, even when the "edit navigation" permission has not been given to their role.

### How to reproduce

1. Create a navigation called "main"
2. Add a nav item in this navigation
3. Create a role that can only access the cp and view the main nav (no edit) using this yaml:

```yaml
watcher:
  title: Watcher
  permissions:
    - 'access cp'
    - 'view main nav'
```

4. Create a new user with just this role

```yaml
name: watcher
roles:
  - watcher
id: XXXX
password_hash: XXXX
```

After this configuration, here are the actions that the user can do (but shouldn't?):
![image](https://github.com/statamic/cms/assets/29105077/8e72ffc0-22a5-40fa-8f47-06ad98584e89)

- see the edit dropdown, even when it's empty 
![image](https://github.com/statamic/cms/assets/29105077/4d0a442b-5913-4589-a51a-65008514ab71)
- see the "Add nav item" button and be able to add an item
- click on the nav item to edit it
- click on the 3 dots next to an item to remove it or add a child item to it
- reorder the items
- save the changes

### Logs

_No response_

### Environment

```yaml
Environment
Application Name: Statamic
Laravel Version: 10.11.0
URL: statamic-test.test
Maintenance Mode: OFF

Cache
Config: NOT CACHED
Events: NOT CACHED
Routes: NOT CACHED
Views: CACHED

Drivers
Broadcasting: log
Cache: statamic
Database: mysql
Logs: stack / single
Mail: smtp
Queue: sync
Session: file

Statamic
Addons: 0
Antlers: runtime
Stache Watcher: Enabled
Static Caching: Disabled
Version: 4.2.0 PRO
```

### Installation

Fresh statamic/statamic site via CLI

### Antlers Parser

runtime (new)

### Additional details

Tested on a brand new Statamic CLI installation but also on a 3.x website.
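A regression test for the authorization gap this report describes, added here as an illustration and not part of Statamic's own test suite. The point a defender cares about is that hiding buttons in the control panel is not enforcement: the server-side permission check is what must deny the edit, and that is what a test should assert. The test builds the "main" nav, the "watcher" role and a user exactly as in the reproduction steps, then checks what the role grants and what it withholds. It assumes a Laravel application test base class at `Tests\TestCase`, the Statamic `Nav`, `Role` and `User` facades with their `make()`/`save()` builders, the `hasPermission()` method on the Statamic user, and the permission handle `edit main nav` as the counterpart of the `view main nav` permission used in the report; these names are assumptions, not taken from the page.

```php
<?php
// Added example (not Statamic's own test). Assumes the Tests\TestCase base
// class of a Laravel/Statamic application and the facades imported below.

namespace Tests\Feature;

use Statamic\Facades\Nav;
use Statamic\Facades\Role;
use Statamic\Facades\User;
use Tests\TestCase;

class NavigationPermissionTest extends TestCase
{
    /** @test */
    public function watcher_role_can_view_but_not_edit_the_main_nav()
    {
        // Step 1 of the report: a navigation called "main".
        Nav::make('main')->title('Main')->save();

        // Step 3: a role granted only control-panel access and view rights.
        Role::make('watcher')
            ->title('Watcher')
            ->permissions(['access cp', 'view main nav'])
            ->save();

        // Step 4: a user whose only role is "watcher" (constructed email).
        $user = User::make()
            ->email('watcher@example.com')
            ->assignRole('watcher');
        $user->save();

        // What the role grants.
        $this->assertTrue($user->hasPermission('access cp'));
        $this->assertTrue($user->hasPermission('view main nav'));

        // What the role withholds. "edit main nav" is assumed to be the
        // edit-side counterpart of "view main nav"; the report shows the CP
        // offering add/remove/reorder/save actions to this user even though
        // this permission was never granted, so a server-side handler must
        // refuse those requests when this check is false.
        $this->assertFalse($user->hasPermission('edit main nav'));
    }
}
```

Run it with `php artisan test --filter NavigationPermissionTest`. The `assertFalse` line documents the expected state; the complementary check for the bug itself is a request-level test that submits a nav tree save as this user and asserts a 403, which depends on the control panel route names and is left out here because the page does not name them.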

lopadz commented 1 year ago

Yeah, I can confirm this bug too. Also, overriding the CP Nav settings for the user group doesn't apply to the user if it's only linked to a user group. The user needs to have a role assigned to it too.