I think the best way would be to allow just the "Developer's", "Administrator's" and its "Uploader" to delete the file.

- If a file is referenced somewhere, only "Adminstrator's" & "Developer's" should be able to remove it, until the file is not longer referenced
- - (and if the "Creator" of the Page / Module is also uploader of the asset, the "Creator" too)
- Pages / Modules should keep an eye on the existence of its assets. If they are removed, remove them from their entries