8 – Restrict Menu Item Visibility by Permissions

I have a module-generated menu (using yaml file) with 5 menu items. My requirements don’t allow me to restrict menu item visibility by role because roles can be dynamically added. So I have to do this using permissions only.

What I’ve tried
(1) Restricting menu item access using route permissions – this shows a page forbidden but still allows the restricted menu item to be visible

  title: 'HR Manager'
  route_name: portal_hrm_core.hrm_link
  menu_name: hcm
  expanded: TRUE

(2) Contrib modules – Menu Item Visibility and Menu Item Per Role
Both of these are only role-based and can’t support permissions

I know I can go really low-level and use something like hook_preprocess_menu but seems to heavy for such a simple requirement considering how many times that hook may be called.

So folks, please any further suggestions?