I ran into this several months ago. It first appeared in this post as steps #15 and #16 in the 22 steps to getting a working v13 beta server by @adals :
I even had to include it in my own rendition of the same process for making a v13 production server work otherwise I could not perform certain bench functions.
Then I had an offline conversation with another user/developer about this very problem and after much experimenting we could not find any other way to keep bench working properly for ALL functions unless we installed it twice!
There is a short discussion of that very problem in this post on yet another thread. Ultimately it was determined that you could either run bench in editable mode or else you had to install it twice. Neither is real;ly a satisfactory answer to running a secure version of bench. Here is the discussion on that part of the story:
So, @peterg if you have an alternate solution we are all waiting patiently for the fix.