The readonly_wiki attribute seems to be compensating for the lack of EvenFinerGrainedPermissions, and doesn't even function as intended since WIKI_ADMIN is required for the checkbox to be displayed. As intended it would allow, for instance, a special permission to be defined and used to control whether the checkbox is rendered. What we really want is a check like 'modify_readonly' in perm(resource).
As a workaround I used a permission, WIKI_CHANGE_READONLY, that isn't defined through an IPermissionRequestor and therefore can't be directly granted to a user (in that way, it's like the permissions defined in LegacyAttachmentPolicy). A user can now implement a replacement for DefaultWikiPolicy and control the rendering of the readonly checkbox. I consider this to be non-ideal, but it's just an implementation detail that can go away when we implement the finer-grained permission scheme.
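
An added illustration, not part of the original comment and not Trac's code: a simplified, self-contained Python model of the arrangement described above, where WIKI_CHANGE_READONLY cannot be granted through the permission store and is decided only by a policy in the chain. All class names, the `curators` set and the assumed default (the checkbox following WIKI_ADMIN) are hypothetical.

```python
# Simplified model of a Trac-style permission policy chain.
# Names are hypothetical; this is not Trac's implementation.

# Actions declared by requestors; WIKI_CHANGE_READONLY is deliberately absent.
DECLARED_ACTIONS = {"WIKI_VIEW", "WIKI_MODIFY", "WIKI_ADMIN"}


class PermissionStore:
    """Accepts grants only for actions a requestor has declared."""
    def __init__(self):
        self.grants = {}

    def grant(self, user, action):
        if action not in DECLARED_ACTIONS:
            raise ValueError("%s is not a grantable action" % action)
        self.grants.setdefault(user, set()).add(action)

    def has(self, user, action):
        return action in self.grants.get(user, set())


class DefaultPolicyModel:
    """Assumed default: toggling readonly follows WIKI_ADMIN."""
    def check(self, action, user, store):
        if action == "WIKI_CHANGE_READONLY":
            return store.has(user, "WIKI_ADMIN")
        return None  # no opinion, defer to the next policy


class SiteReadonlyPolicy:
    """Hypothetical replacement: named curators may toggle readonly."""
    def __init__(self, curators):
        self.curators = set(curators)

    def check(self, action, user, store):
        if action == "WIKI_CHANGE_READONLY":
            return user in self.curators or store.has(user, "WIKI_ADMIN")
        return None  # every other action is left to later policies


class StorePolicy:
    """Last in the chain: answer from stored grants."""
    def check(self, action, user, store):
        return store.has(user, action)


def allowed(policies, action, user, store):
    """The first policy returning True or False decides; None defers."""
    for policy in policies:
        decision = policy.check(action, user, store)
        if decision is not None:
            return decision
    return False  # nothing decided: deny
```

The replacement policy answers only for WIKI_CHANGE_READONLY and defers on everything else, so swapping it in changes who sees the checkbox without widening any other wiki right.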