API error reporting in general needs a major overhaul, and T47843: Rework API error reporting is on my TODO list.

All the examples you cite, BTW, are something deeper in MediaWiki returning 'badaccess-groups' or 'badaccess-group0' statuses and the API not-too-helpfully turns it into that message. ApiUpload and ApiRevisionDelete also do this, while most other API modules at least report "You don't have permission to do X".

by at least listing the missing user right as a data value alongside code and info.

Considering all the ones you cite are coming in as 'badaccess-groups', you'd wind up having to somehow parse the $1 parameter passed to that message (which doesn't necessarily contain the actual group names) to get the groups back, and no indication of the specific user right(s).

Or you could try changing core to use the ApiMessage class (which was introduced to be used for T47843 someday) to report that error, plus the places in the API making a 'permissiondenied' response without using that message.

The error message for these cases is now more informative and equivalent to the UI.

{
    "error": {
        "code": "permissiondenied",
        "info": "The action you have requested is limited to users in the group: [[Wikipedia:Administrators|Administrators]].",
        "*": "See https://en.wikipedia.org/w/api.php for API usage. Subscribe to the mediawiki-api-announce mailing list at <https://lists.wikimedia.org/mailman/listinfo/mediawiki-api-announce> for notice of API deprecations and breaking changes."
    },
    "servedby": "mw1232"
}

If machine-readable details are needed, a separate task with the use case should be filed. I note that might require a fair bit of work since the errors come from deep inside MediaWiki and don't currently carry the machine-readable list of rights or groups along with them.