Way to disable the modification of a workflow by project admins

As a JIRA Administrator, I would like to be able to disable the new capability of project admins to modify a project's workflow (introduced in JIRA Software 7.3) so that I can ensure the integrity of already existing:

• filters
• gadgets
• dashboards
• reports
• Confluence pages that get info from JIRA

as many of them can (and will) be broken when they were built with the previous workflow statuses in mind.

Therefore, this capability needs to be controllable at different levels:

1. Instance (ON - OFF)
2. Global permission: control group(s) of users eligible to have this capability in projects.
3. Project permissions: ** new permission to be added to the permission scheme.

Note that level 2 seems to be redundant due to the existence of level 3, but it isn't really:

It should be possible to grant the new permission to a project role, and, simultaneously, not effectively granting the permission to a user that doesn't belong to the group of people set on level 2.

That's specially relevant when you don't want some project admins to be able to have this ability, but they could add themselves to the project role which grants this ability.

Also note that adding a group to the permission scheme instead wouldn't solve the problem.

So, for a user to be able to have this ability, all 3 levels should be true.