Inconsistent user roles/permissions when user doc and users-settings are not consistent

[kennsippell]

Describe the bug

Essentially cht-core should consistently use the [roles and permissions] in user-settings because that's the only one that's downloaded for offline use. However I suspect couchdb db level permissions will use the one in the _users db because that's the only one it knows about. The CHT has code to keep these in sync but obviously it's not working correctly.

medic/cht-couch2pg#137 (comment)

Just a quick example:

• Here sentinel pull roles from the _users db
• Here admin app pulls from user-settings
• Here a system admin alters one doc through Fauxton but not the other (this is common)

These two security docs stay in alignment when edited through the CHT UI, but when edited through scripts or Fauxton they are frequently not in sync. CHT currently expects these documents to be identical -- when they are not, it can cause inconsistent roles and permissions for users.

Labeling as bug because of this statement "The CHT has code to keep these in sync but obviously it's not working correctly".