Our most interest is protecting query results via ACLs on Categories
- so pages of specific categories would not be exposable to specific
user groups
OK, I think it's possible with normal $title->userCanRead() page protection.
Our intention is to be able to hide pages with specific property values from query results (including hiding from sub-queries results, output of query to template, etc)
Do you talk here about protecting the page if it has a specific property set to a specific value? It's of course harder to implement if you want to take properties and their values into account. But as I understand, category protection will suffice for you - correct?