The administrator should have the option to disable the settings functionality.
Right now this is achievable by unsetting the
secret_keyvalue in one's config. This works because the settings values are presently stored in a cookie, which needs the
Once these are moved over to JS-based WebStorage, a proper, specific config option will be needed for this.