The only correct solution

(Other answers I see are faulty, vulnerable or incomplete. All of them can be bypassed.)

This plugin does correctly:

class DisableMailChange
{

    public function __construct()
    {
        //prevent email change
        add_action( 'personal_options_update',  [$this, 'disable_mail_change_BACKEND'], 5  );
        add_action( 'show_user_profile',        [$this, 'disable_mail_change_HTML']  ); 
    }

    public function disable_mail_change_BACKEND($user_id) {
        if ( !current_user_can( 'manage_options' ) ) { 
            $user = get_user_by('id', $user_id ); $_POST['email']=$user->user_email; 
        } 
    }

    public function disable_mail_change_HTML($user) {
        if ( !current_user_can( 'manage_options' ) ) { 
            echo '<script>document.getElementById("email").setAttribute("disabled","disabled");</script>';
        } 
    }
}
new DisableMailChange();