Thanks for sharing your progress, issues and resolutions Jonah, that's much appreciated and I'm pretty sure it'll be useful for a bunch of other people. As mentioned, a blog post about it would be great for the community ;)
About .tar.gz, those are supposed to keep the permission flags when packing, see for example your application launcher still being executable after expanding a .tar.gz. So if the permissions are not set inside features, let's first check that the initial content before packing have them properly set. Another test you could make is build the .tar.gz by yourself from the content of target/products and compare whether your manual packaging keeps the executable flags.