Dear Dave,
I guess that authenticated user already has this capability - 'moodle/user:editownprofile' set to allow and users are getting 'Edit profile' link in the administration block. (if this permission is not set to allow, please set this capability to allow for authenticated users)
I suggest to check your htaccess file and apache for RewriteRule (if any) for this concern.
Do you have written any htaccess RewriteRule in .htaccess file to restrict access of this file (user/edit.php) from browser?
Do you have wriiten any RewriteRule on web server to restrict this page from browser?
For example -
This is pure mod_rewrite
based solution either in apache/.htaccess:
RewriteRule ^(submit\.php) - [F,L,NC]
This will show forbidden error to use if URI contains submit.php
Please check if you have any RewriteRule(s).