For question 1, yes, there are potential administrative use cases where an OOB administrator might need to clean those sorts of accounts.
For question 2, a boot strap account is a Redfish account. So, you should be able to make that sort of mapping. But as I'm typing this it might make sense to differentiate a bootstrap account from other accounts in this manner for the sake of identifying them in an interoperable manner. We'll need to discuss this aspect further.
So from your reply I understand that BootStrap Account is similar to normal accounts and the Administrator can perform all HTTP Methods as the normal Redfish account namely PATCH,DELETE once created. Please confirm.
Also for differentiation, either we can have Account Type as Redfish-HI or any other new attribute like BootStrap with a Boolean value. We need this to delete all the BootStrap Accounts on Reset of a Service/Host.