Personally I'd like us to explore agnostic and non-invasive solutions.
The subdivision of permissions across more user groups relies on a
number of assumptions which may not hold. For instance, on thousands of
MediaWiki wikis there's only one sysop anyway.
Something I would like is the ability to "have" a permission, but only
"activate" it for limited periods of time when needed. The activation
could require some extra steps (e.g. inserting the password again). It
could be logged to Special:Log, which people can then monitor as they
wish. A separate countermeasure (other than deflag) could inhibit it.
Granular permissions are tricky on MediaWiki, but we might come up with
simple implementations. Maybe, set a rate limit to 0 and add a special
page to temporarily increase it for yourself (or others). Something like
that.
Federico