Permissions don't do much. They won't save you. You can just skip them completely.

If you are afraid that AI can delete something do what you'd do with potentially malicious user. Sandbox, don't give permission, setup remote backups and so on.

Also (unless prompt injected) models are not eager to start going rouge on your stuff.

But keep in mind a saying “Children don’t hear prohibitions — they hear suggestions.”

Same thing goes for LLMs. Never talk with LLM about deleting stuff. Archiving, moving, retaining elswhere... sure, but never about actually destructive operations. Don't use destructive language.