There are already staff user roles and permissions on Ghost, although they’re by invitation, not by sign-up. You can read about them here: https://ghost.org/docs/staff/ .
It would not be terribly hard to set up a cloud function that would take a form submission and create a staff user using the API (Ghost Admin API Documentation) .
However, if you decide to do this, you 100% need to have the site admin (/ghost) on a separate domain from the website, because Ghost treats staff users as trusted, and otherwise an admin might be tricked into visiting a page with malicious javascript. Having the admin functionality on a separate domain provides /some/ protection against a staff user engaging in malicious behavior. You should also be aware that Ghost doesn’t sanitize post content, so if your staff user puts something malicious into an HTML card on a post, there’s nothing to stop that. For example, a staff user could steal a website visitor’s cookie (not staff cookie, as long as you’re using separate domains) and use it to make comments as the website visitor. So you’d need to think pretty carefully about whether you could trust new staff users without some sort of vetting process.