For starters, I mark most nodes as private and then grant permission at the node. This makes it very easy for me to understand who can access the node (and reduces the chance of error).
[...]
I curious as to how another person would approach the situation (and happy to pay to get that feedback).
Seems over-complicated to me, less permissions is usually better and less error-prone.
If you usually do not want Registered to view threads by others but allow that for Premium I would configure exactly that in the usergroups, eg.
Registered: View threads by others = No
Premium: View threads by others = Yes
This way you don't have to touch node permissions at all (except for nodes that have different requirements) and it becomes very clear which nodes have special permissions.
If you instead setup permissions for each (top-level) node every node looks like it has special permissions (because it has).