That feature is unfortunately not protected by a permission at the moment, it's just a hard-coded check whether the actor is the same as the target user.
My readonly extension hooks into it but it disables the feature completely rather than fixing the missing permission https://discuss.flarum.org/d/30633-readonly-profile
A PR on core to replace the hard-coded check with a gated permission would be nice. It could be a good idea to introduce a named permission to go with it in the admin panel, but it's not absolutely necessary.
Currently I think Flarum only uses gated permissions when a permission actually exists in the admin panel for it. Other features that don't have a permission in the admin panel are hard-coded. But we should replace those with named gated permissions even if they don't exist in the admin panel so extensions can hook into them via the gate.