Follow-up from "Update schema for permissions definitions"

The following discussion from !206218 (merged) should be addressed:

Specific comment

On second thought, I am reconsidering if we should add the assignable attribute here to support granular PATs or if a permission group would make more sense. It's a new concept, but using a permission group would allow granular PATs to maintain their own list of permissions without affecting any other service that consumes from the permission catalog.