5.15. With all of these ACLs, how can I possibly keep track of my configuration?

It is recommended that you create a shell script of all the ACLs that you wish to add to your system. That way you don't accidentally leave something unprotected when you make changes to your system. You can start the script out by flushing your old ACLs so you don't create duplicates.
bash# lidsconf -Z
To protect this shell script, you can either create an ACL to DENY access to it, or put it in the /etc/lids directory since it is automatically protected as DENY.