Okay you have number of points here so i will try to address the in order.
You say you installed an app to allow individual settings of app permissions? I know these exist, but do they work without root?
The app you installed need you to turn off app verification so it can install because no doubt it is up to something shady, at least in the eyes of the android system, business. You can usually turn off app verification, install the app and then turn it back on after the app is installed.
Lookout and ESET complained again because this app is working outside of the established safety zone, it is intentionally doing this that go against the system and potentially its safety. That is just how most of these work.
On your proposed changes, I agree with you to an extent. When downloading an app you should be, as you currently are, made aware of what the app needs.
Unchecking permissions would be a great option but you cannot have complete control and not expect problems. For example. A contacts app like the one built into the system needs access to the contacts to work, with the ability to uncheck permissions you could not allow it access to contacts and completely break the app.
This bring me along to the next point. A developer cannot plan for lack of permissions if you are going over their head and blocking the access they have planned for. The apps will most likely break if you remove their permissions. Simple as that.
For you last change, you are absolutely correct, this needs to end. Unfortunately many of these games are "free" games and rely on nasty tactics like prompting you to invite all you friends or go to their website. For this like the camera, augmented reality games need this. Accounts could be needed now for devices with more than one user to access saves on other profiles. Identity is usually used to auto fill out player names and countries for leaderboards. Location, mostly not ever needed by an app but social media uses it for checking in, should be optional.
Now for the fix. There are many custom ROMs. These will get rid of your bloatware, upgrade your android version and allow much better granular control over your system. Currently I am running Omni ROM and it has built into the system, SuperSU and APP-OPS, these combined allow you to have a lot of control. App-ops in particular is exactly what you want. It allows you to go into any app and edit it's permissions on a per app basis. So you do not want Facebook having access to GPS? Turn it off. the difference between the app you installed and this is this was built into the system, it still has some of the potential security problems but at least this one is intentional form the start.
The only problem is that you might be on contract and cannot put a custom rom on without voiding warranty.
On a separate note, a lot of people blame apps and their crazy permissions for draining their battery. I many cases this is simply untrue and there is just junk on the phone doing this. Like complex live wallpapers, Google services running mobile, WiFi and GPS all the time to find out where you are and apps just sitting in ram keeping them selves running.