I'm not averse to the functionality because I can see a bunch of great use cases. Mine is recording bus stop information by sitting on the said bus, so I can plot it on a mapping service I actually like - I find it very difficult to use the information provided by my local bus company.
But my thinking was that instead of backgrounding completely, I would foreground my "record this bus stop" button when I wanted it. Partially because the implications of really backgrounding tracking systems are kinda scary, and there's already too much of that.
In regards to your proposals for protecting users, I'm not convinced that home-screening gives a lot of useful protection, so I'm not convinced that it's a sensible proxy for permission to access "powerful features" (for my own undeclared assumptions about what that term means). Installed - as a signed package seems more reasonable. A very basic summary, pointing to the "Faustian details" instead of blasting the user with something like this comment seems like a good idea, assuming the summary is helpful for decision-making. And I like the idea of blending the GPS icon with an eye of Sauron or similar.
I'm not sure why you think it's OK not to have a UA mediate the access - unless "some other daemon" is in the same situation that you can kill it off relatively simply. I thought that was a nice part of the proposal, although I prefer to be able to kill a set of beasts in the browsers - say a tab group - without having to shut the whole thing down. (Yes, more personal information, I have a lot of tabs open).
My comment was actually a direct reply to the idea of putting permissions into manifest and asking for them at install time. That's what the widgets system did. (There are a set of W3C Recommendations that had a bunch of implementations, and one of the key contributors is now an editor of the manifest spec). That is what "native" app systems do, and as far as anyone can tell, those are all good cases to show that from a position of protecting the user, it's a bad idea.
The argument generally used to justify the behaviour in the app case is that stuff is vetted before being allowed intothe app store - although that rests on the fallacy that fewer than a handful of app stores are where people actually get their apps, ignoring multiple 3rd-party stores, side-loading of apps, and similar parts of reality.
As far as I can tell, the questioning about whether this is OK for specs in general goes in the other direction to what you suggest - where wake lock, service worker, push messaging, etc are setting themselves up as long-running consumers of battery life and with an ability to share information that has significant implications for privacy and perhaps personal security, those issues should be raised, and answered by the proponents of those specs. W3C process has a mechanism to do this*.
The general tendency for the Web is to request permission as needed, rather than making a blanket grant before you even use a service. A simple rationale is that on the Web we have no guarantee that http://goodguys.com wasn't bought out, since yesterday when you gave them possession of all your base, by The Axis of Really Bad Inc.
Sure, when something like the web-based RTC system of Webex (which W3C happens to use for teleconferences) asks permission to use the microphone and camera, browsers should probably offer a "don't ask again" option. As well as an option like "do ask me every time, because I consider this exceptional privilege to be granted as needed, rather than revoked when I realise something bad happened").
I'm totally unconvinced that it makes sense to have "allow the Web to track your location" as a permission demanded by an app as a condition of installation. There's a reason why my phone is lacking in such apps from the "native" app world.
PS: W3C frowns upon people insulting others - not because I care personally since I'm used to it and thick-skinned, but because it puts people off the idea of entering such a discussion, exposing not just exposing their ideas to critical evaluation by people as dumb as me, but exposing themselves to ad hominem attack which doesn't admit a rational defence. If you can see a way clear to stop such behaviour, I can see a way to work for restoring your ability to work directly in W3C fora.