Given recent incidents, I'm going to audit the blacklist and post results on this task.
AbuseFilter
[x] abusefilter-privatedetails
[x] abusefilter-privatedetails-log
[x] abusefilter-hidden-log
[x] abusefilter-hide-log
[x] abusefilter-private
[x] abusefilter-private-log
ArticleFeedbackV5
[x] aft-oversighter
CentralAuth
[x] All Rights blacklisted as appropiate
CheckUser
[x] checkuser
[x] checkuser-log
[x] investigate (not yet used, behind config flag, added by @paladox)
CreateWiki
[x] createwiki
Flow
[x] flow-suppress
GlobalBlocking
[x] globalblock
[x] globalblock-exempt
IncidentReporting
[x] editincidents
ManageWiki
[x] managewiki-restricted
[x] managewiki-editdefault
MediawikiChat
[x] viewpmlog
OATHAuth
[x] oathauth-api-all T5768
[x] oathauth-disable-for-user
[x] oathauth-view-log
[x] oathauth-verify-user
OAuth
[x] all except propose & manageown