We still want them to be able to install, activate, deactivate and delete any plugins they choose to use.
You have to take into account that person who can install any plugin (PHP code) to the site can get superuser privileges in a minute. There is no sense to restrict such person via WordPress, as he can get access to any resource via PHP.
If exclude ability to install new plugins, or security problem is not important in this case, as finally site owner is responsible for what he is doing, you can use URE Pro add-on, which allows to restrict the list of installed plugins which are available to the user for activation/deactivation.