Adamw, you've mentioned gated trunk over and over. Could you actually explain what part of gated trunk needs control over the protection system that it doesn't already have.
Cause so far I haven't seen any reason why gated trunk would need any change to the protection system.
So far the only thing I've seen was "Protection shouldn't exist in gated trunk so needs to be able to remove the protection system but doing so with hooks would require handling a large number of individual hooks".
However in such a context I would argue that's a mistake. Gated trunk does not negate protection. As much as your ideal might be that a wiki with gated pages should never have a protected page. There will be cases where a wiki's admins will want to protect pages so that even gated edits can't be made. They may want this for their site script pages, etc... or they may have pages on the wiki where by policy they will never accept a contribution to by a non-staff. And this isn't strange inside the gated trunk world. Because Gerrit's ACL system already makes it possible to do such a thing.
So in such a case you actually shouldn't be touching the protection system at all. You may consider hiding the protection system a little to prevent abuse. Or telling the sysadmin to configure protection so that sysops can't use it and you require higher permissions. But besides that the only thing you should be doing with the protection system is suggesting that the person installing your gated pages extension should willingly go and start unprotecting pages.