File deletion is an unsafe operation. Granting rights to delete files to one user means that the same rights are granted to all other users. Any user will be able to delete any file of a project at any time.
To delete a file, you must use REST API, which requires a private key. We strongly advise against calling it directly from the front-end app.