Prevent sole admin from deleting their account

Without this guard, the last admin in the system could delete their own
account, making the application unmanageable. This adds a model method
`User#sole_admin?`, a controller guard in `RegistrationsController#destroy`,
and disables the delete button in the profile edit view when the current
user is the only remaining admin.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

test/controllers/registrations_controller_test.rb

@@ -0,0 +1,18 @@
+require "test_helper"
+
+class RegistrationsControllerTest < ActionDispatch::IntegrationTest
+  test "sole admin cannot delete account" do
+    sign_in users(:admin)
+    delete user_registration_path
+    assert_redirected_to edit_user_registration_path
+    assert_equal t("registrations.destroy.sole_admin"), flash[:alert]
+    assert User.exists?(users(:admin).id)
+  end
+
+  test "non-admin can delete account" do
+    sign_in users(:alice)
+    assert_difference ->{ User.count }, -1 do
+      delete user_registration_path
+    end
+  end
+end

test/system/users_test.rb

@@ -149,7 +149,7 @@ class UsersTest < ApplicationSystemTestCase
   end
 
   test "delete profile" do
-    user = sign_in
+    user = sign_in user: users.reject(&:admin?).select(&:confirmed?).sample
     # TODO: remove condition after root_url changed to different path than
     # profile in routes.rb
     unless has_current_path?(edit_user_registration_path)
@@ -162,6 +162,14 @@ class UsersTest < ApplicationSystemTestCase
     assert_text t("devise.registrations.destroyed")
   end
 
+  test "sole admin cannot delete profile" do
+    sign_in user: users(:admin)
+    unless has_current_path?(edit_user_registration_path)
+      first(:link_or_button, users(:admin).email).click
+    end
+    assert find(:button, t("users.registrations.edit.delete"))[:disabled]
+  end
+
   test "index forbidden for non admin" do
     sign_in user: users.reject(&:admin?).select(&:confirmed?).sample
     visit users_path