Users can remove from a family patients that they can't normally access

Steps to reproduce:

• log in with JohnDoe

• create a new patient, draw its pedigree

• log in with Admin

• create a new patient, add it to JohnDoe's family & pedigree

• log in with JohnDoe, edit the family

• correct: JohnDoe cannot click on Admin's patient, view its details, or edit it in any way

• bug: JohnDoe can delete the whole node from the pedigree

  • In Admin's patient history, the patient appears modified by JohnDoe, even though JohnDoe cannot access that patient

• consequence bug: if JohnDoe click Undo in the pedigree, saving will fail due to insufficient permissions; the behavior is correct, JohnDoe shouldn't be able to put Admin's patient in a family, and this bug will not be present once the original bug is fixed