That explains it then.
One of the surprising features of anonymous access in Elasticsearch is that the roles listed in xpack.security.authc.anonymous.roles are added to every user, not just the anonymous user.
It is more accurate to think of them as "global roles" rather than "anonymous roles". I'm afraid that you will not be able to implement role based access control while also granting the superuser role to every user.