Limit project admin ability to grant additional permissions

Summary(Customer's usecase)

We have a lot of projects and repositories that is not open for everyone within our company. We want to limit the access to a project to user in a specific LDAP group so we can be sure that no one else can access the repositories in this project. But at the same time we want to let a project administrator(project creator) configure the plugins but they(project creator) should have no possibility to change anything that has to do with permissions, so they(project administrator) can't let users access a repository that is not allowed to have access.

Right now we can't let users outside our small administration group to became project administrator for their project. This is because they in turn can let other users read, write and even give administration rights for this specific project, and that we can't allow for security concerns.

Expected result

Limit Project creator to provide permission to other user with admin or write permission.