Comment 3 for bug 1917469

The historical approach and IIRC the default is that users can deactivate their own images but any operation to the image data of deactivated image (including delete) is admin operation. The delete was specifically thought out case, to avoid situations where image is deactivated for admin investigation and malicious owner would delete and recreate the image to avoid the investigation.

You really should use the hidden images for the workflow you're describing as that was specifically designed ofr the use case you're describing in the bug.