Hi Morten,
I believe it is possible for you to delete the authorization of the user who created the item/project. However, you will have to manually go to each item and/or project and manually delete. I did a brief test in my system and I was allowed to delete the creator, however, I would suggest you do some detailed testing on this with multiple users.
To answer your second question,inherited authorizations do not sync via DFM. To overcome this what I have done is specified authorization in the project template. For example, in my system the requirement is all users should have read access to everything (which I think is your requirement as well). Therefore to overcome the fact that inherited authorizations are not synced, I have a role, lets say ZPPM_USER which is assigned to all users. This role is included in the ACL of the portfolio with read access and also in all template ACL's with read access. Of course, this solution assumes all projects are created from a project template.
In general, I strongly believe that ACO_SUPER auth object should not be included any business roles. It should be restricted to IT PPM admin roles. There maybe cases where ACO_SUPER is required in a business role, but more of an exception if there is no other choice. Just my opinion 
Hope that helps. Feel free to let me know if any questions.
Lashan