How do I make signup page available only for logged in staff users in Django allauth?

When I try to submit the form without CSRF, I just got this:

Forbidden (403)

CSRF verification failed. Request aborted.

Correct. But if you request any form from the site (such as the login form), you will get a csrf_token in that form. You can then copy that token into your form and submit it.


Here’s a solution (a rubbish solution):
Altering the form_valid function in SignupView (from allauth) by adding two lines like this:
(The added lines are marked in the comments.)

from allauth.account import app_settings
from allauth.account.utils import complete_signup
from allauth.account.views import SignupView
from allauth.exceptions import ImmediateHttpResponse


class AccountSignupView(SignupView):
    def form_valid(self, form):
        # By assigning the User to a property on the view, we allow subclasses
        # of SignupView to access the newly created User instance
        if not self.request.user.is_staff: # ADDED LINE 1: Check if User is staff
            raise Exception("Error: user is not staff") # ADDED LINE 2: Raise Exception
        self.user = form.save(self.request)
        try:
            return complete_signup(
                self.request,
                self.user,
                app_settings.EMAIL_VERIFICATION,
                self.get_success_url(),
            )
        except ImmediateHttpResponse as e:
            return e.response

When I try to sign up a new user using the form (as is, using the default template with CSRF) as an anonymous or non-staff authenticated user, I just get Server Error (500), and I see no user is registered in the database.

As a staff user I can register a user and make the new user confirm his email, reset his password, and log in. And I can see the new user registered in the database with all fields.


Nope, not rubbish.

You’ve just replicated the core functionality provided by the user_passes_test decorator (Or UserPassesTestMixin for CBVs).

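The UserPassesTestMixin approach mentioned above, written out as an added example (not code from this thread, from Django or from allauth): the check runs in dispatch(), before any form handling, so a non-staff or anonymous request gets a 403 rather than the 500 that the raise-an-Exception version produces. It assumes Django's UserPassesTestMixin and allauth's SignupView; the names staff_may_sign_up, build_staff_signup_view and stub_user are hypothetical, and the stub users are constructed for illustration.

```python
from types import SimpleNamespace


def staff_may_sign_up(user):
    """Pure predicate behind the view's test_func.

    Kept Django-free so it can be unit-tested without a database: anything with
    is_authenticated/is_staff attributes (User, AnonymousUser, a stub) works.
    Anonymous users are rejected first, so an unauthenticated request never
    reaches form.save().
    """
    return bool(getattr(user, "is_authenticated", False)
                and getattr(user, "is_staff", False))


def build_staff_signup_view():
    """Return a SignupView subclass restricted to staff users.

    Django and allauth are imported inside the function (hypothetical layout)
    so the predicate above stays importable in a plain interpreter.
    """
    from django.contrib.auth.mixins import UserPassesTestMixin
    from allauth.account.views import SignupView

    # Mixin goes first so its dispatch() wraps SignupView's dispatch().
    class StaffOnlySignupView(UserPassesTestMixin, SignupView):
        # raise_exception=True makes handle_no_permission() raise
        # PermissionDenied (HTTP 403) for every failed check, instead of
        # redirecting anonymous users to the login page. Set it to False
        # if that redirect is preferred; non-staff logged-in users get 403
        # either way.
        raise_exception = True

        def test_func(self):
            return staff_may_sign_up(self.request.user)

    return StaffOnlySignupView


def stub_user(is_authenticated, is_staff):
    """Constructed stand-in for request.user, used only for local checks."""
    return SimpleNamespace(is_authenticated=is_authenticated, is_staff=is_staff)


# urls.py (hypothetical), registered under allauth's own route name so its
# templates keep linking to the gated view:
#   path("accounts/signup/", build_staff_signup_view().as_view(),
#        name="account_signup")
```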