No. Root authentication is disabled when bunnyshell creates the Instances. You can always create users with sudoer permissions.
No. Password authentication is disabled when bunnyshell creates the Servers. Password authentication is only available for SFTP users.
Bunnyshell does not support managing SFTP users. All SFTP users are created and removed only on Application creation/removal. Checkout out the guide on how to Manually add SFTP users.
Yes. When an application is removed from a server, the code and associated SFTP user are removed.