Honestly it took me one hour sunday night to write and play with my first template, so I don’t think it is really so much hard to understand and so over-engineered as you are worrying. I have no problem to continue with it.
As a matter of authorization I provide a ‘*’ for all actions, but restricted on specific module.
When I’m speaking of contributor needs I mean to let the implementation opened, like you did for example with the Ibay template and Module. The structure allows the contributor to add its templates ‘easily’ and its panel in the same way.
If I want to compare to SME Server, It will need some discussions to add the template in the core, and a mandatory new panel elsewhere in the server-manager-> this is why the contrib shared-folder was created, a discussion shortcut
So I don’t ask you to reinvent the wheel 
As you want but we have a proverb in France ‘un tien vaut mieux que deux tu l’auras’ (please @filippo_carletti can you translate, I know that you love France and Paris)
Concerning contributor needs about authorization there are not different from the core, and I do love simple things :
if the user or the group are allowed then full control on the Panel and all its plugins
For now I’m just interested by a template of base.json, I don’t want to start with a custom-template.
I will look about your module given as example.