Any changes to atlassian-addon-project-access project role are overwritten on an app installation

Issue Summary

As a result of changes announced in 2017 (https://confluence.atlassian.com/servicedeskcloud/blog/2017/02/add-on-permissions-update) any changes around atlassian-addon-project-access role persist only until the first app installation or update and then they are overwritten.

The possibility to remove atlassian-addons-project-access role from permission or issue security scheme gives admins a false impression they can restrict app access to some projects or features. 

This is reproducible on Data Center: no

Steps to Reproduce

1. Go to Permissions schemes
2. Pick one of them and click Permissions
3. Remove `atlassian-addons-project-access` from some permission ie. Administer Projects or Manage sprints
4. Install any app
5. Check that the role was readded to that permission

Expected Results

As Atlassian intention was to have `atlassian-addons-project-access` always added to all permissions schemes and issue security schemes there should be no possibility to manage that project role access.

Actual Results

Admins have the impression they have limited apps access to some projects, however, their settings are overwritten on any app installation or update.

Workaround

Admin can implement a side script that detects the reading of the project role happened and update schemes according to their initial requirements.