Roles - Define default taxonomy (for standalone deployments)
Now that we have a mechanism for defining users and roles in standalone, there's another question: What roles should we define by default? How do we maintain those roles? A few ideas:
- Light-touch with open taxonomy: This is what D7 does -- you just get 2-3 roles (anonymous, authenticated, admin). Then the site-builder can fill in more roles to taste. When you upgrade, you may need to re-tune the roles.
- Strong defaults with hackable taxonomy: This is what WP does -- you get several roles out-of-the-box. Site-builders are not particularly encouraged to refine them, but it is possible (esp. using APIs/add-ons). When you upgrade, it can (I assume) add or update roles.
- Library of example roles: This idea comes from looking at Google Cloud -- they have an extensive library of roles. Some of the roles are similar/overlapping (e.g. there are older and newer flavors of "File Admin"/"Storage Admin"). The upshot is that you get a presumption of continuity while still allowing the taxonomy to evolve. The downside is that the list is a bit overwhelming. But treating these as templates might mitigate that (library of possible roles is long -- but the local site only enables a handful).
There are some related questions: if you have strong defaults or a library of examples, then how do you deal with extensions (i.e. the list of available perms may fluctuate depending on the extensions)?
Edited by totten