NS SUSPEND should require only 'ban', not 'accreg'

[slingamn]

Noticed this when working on #1827. This is an asymmetry between UBAN of an IP/CIDR and UBAN of an account: the first requires only the ban privilege, the second requires accreg.

The intent of making accreg a more privileged action was because it modifies account information in a way that can violate server policies, e.g. with NS ERASE. But SUSPEND is pretty safe. We should downgrade this to the 'ban' privilege in 2.9.