suggest roles instead of admin_users

and make admin link permission check match admin page

it would be nice if this could be consolidated (maybe an `admin:ui` permission?)

docs/source/getting-started/authenticators-users-basics.md

@@ -18,6 +18,13 @@ started.
 
 ## Configure admins (`admin_users`)
 
+```{note}
+As of JupyterHub 2.0, the full permissions of `admin_users`
+should not be required.
+Instead, you can assign [roles][] to users or groups
+with only the scopes they require.
+```
+
 Admin users of JupyterHub, `admin_users`, can add and remove users from
 the user `allowed_users` set. `admin_users` can take actions on other users'
 behalf, such as stopping and restarting their servers.