In my opinion there are two good wysiwyg widgets, namely "Bootstrap Wysiwyg Editor" or the "CKEditor". The latter also supports the use of microflows.
About your security part of the question, as Mike already described: there are multiple ways to Rome. You should ask yourself is which users are allowed to edit which attributes? Derived from your statement "just the ability for appropriately-authorised users to update text/images/video links", I guess you want to have a read ony user and a read/write user. If so, two simple userroles would be sufficient.
What kind of documents are you talking about? Do you want to upload files and edit them in your application?
If you have any questions, please let me know :-)
You could accomplish this with either permissions on entities (i.e. only grant certain user roles the permission to create or change objects within Mendix) or via the user interface by granting permissions to access pages or microflows to certain user roles. These are the quick ideas that come to mind that can be designed into the app.
If you want to get a bit more granular and be able to configure content permissions at runtime, it would be straightforward to build a permissioning capability within your app where an admin could grant access to individual users or users meeting some criteria to update content. This could be accomplished in a number of ways. For instance, create an entity to contain users who can update images only. When a user clicks a link or button (Action button in Mendix) to view image content, have the link call a microflow that checks if the user is authorized to update links. If not, the microflow can display a page that is read only, otherwise the microflow can display a page that allows update. There are a number of other ways to accomplish the same thing.
Hope that helps,