Users can remove from a family patients that they can't normally access

Steps to reproduce:

• log in with JohnDoe
• create a new patient, draw its pedigree
• log in with Admin
• create a new patient, add it to JohnDoe's family & pedigree
• log in with JohnDoe, edit the family
• correct: JohnDoe cannot click on Admin's patient, view its details, or edit it in any way
• bug: JohnDoe can delete the whole node from the pedigree
  • In Admin's patient history, the patient appears modified by JohnDoe, even though JohnDoe cannot access that patient
• consequence bug: if JohnDoe click Undo in the pedigree, saving will fail due to insufficient permissions; the behavior is correct, JohnDoe shouldn't be able to put Admin's patient in a family, and this bug will not be present once the original bug is fixed