I think this would be a great first bug for kelvinjiang@ to work on.  kelvinjiang@, the first step here will be to determine how many extensions do this, and what the approximate impact would be if we just make it an install failure.  With that information, we can either:
1. Make it an install failure, if the impact is tiny.  We'll send an announcement, and developers will need to migrate within the rollout period.
2. Make it an install warning, and have sane fallback behavior
  2a. Add a warning that permissions should not be optional and required, and determine sane behavior (probably, just put it in required, and not in optional).
  2b. (likely, but not necessarily) upgrade the install warning to an install error after some migration period.

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/a4db0e4a941f69be6a8bf388b171e0cb99884cfa

commit a4db0e4a941f69be6a8bf388b171e0cb99884cfa
Author: Kelvin Jiang <kelvinjiang@chromium.org>
Date: Fri Oct 12 22:19:56 2018

[Extensions] Add an install warning for redundant optional permissions

Add an install warning for the case when an extension requests optional
permissions that are also listed as required permissions. Currently,
only do this for API permissions; a follow-up will handle host
permissions.

Bug: 859959
Change-Id: Ic9dc1a834e3e597aa12fe4136f4f087c6295400f
Reviewed-on: https://chromium-review.googlesource.com/c/1265118
Commit-Queue: Kelvin Jiang <kelvinjiang@chromium.org>
Reviewed-by: Devlin <rdevlin.cronin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#599379}
[modify] https://crrev.com/a4db0e4a941f69be6a8bf388b171e0cb99884cfa/chrome/browser/extensions/api/permissions/permissions_apitest.cc
[add] https://crrev.com/a4db0e4a941f69be6a8bf388b171e0cb99884cfa/chrome/common/extensions/manifest_tests/permissions_parser_unittest.cc
[modify] https://crrev.com/a4db0e4a941f69be6a8bf388b171e0cb99884cfa/chrome/test/BUILD.gn
[modify] https://crrev.com/a4db0e4a941f69be6a8bf388b171e0cb99884cfa/chrome/test/data/extensions/api_test/permissions/optional/background.js
[modify] https://crrev.com/a4db0e4a941f69be6a8bf388b171e0cb99884cfa/chrome/test/data/extensions/api_test/permissions/optional/manifest.json
[modify] https://crrev.com/a4db0e4a941f69be6a8bf388b171e0cb99884cfa/chrome/test/data/extensions/api_test/permissions/optional_deny/manifest.json
[add] https://crrev.com/a4db0e4a941f69be6a8bf388b171e0cb99884cfa/chrome/test/data/extensions/manifest_tests/permissions_parser_overlapping_permissions.json
[modify] https://crrev.com/a4db0e4a941f69be6a8bf388b171e0cb99884cfa/extensions/common/manifest_constants.cc
[modify] https://crrev.com/a4db0e4a941f69be6a8bf388b171e0cb99884cfa/extensions/common/manifest_constants.h
[modify] https://crrev.com/a4db0e4a941f69be6a8bf388b171e0cb99884cfa/extensions/common/manifest_handlers/permissions_parser.cc

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/0300fe38f87c3dfd72c642daf5d9e56c3532e752

commit 0300fe38f87c3dfd72c642daf5d9e56c3532e752
Author: Kelvin Jiang <kelvinjiang@chromium.org>
Date: Wed Oct 17 20:05:51 2018

[Extensions] Add an install warning for redundant optional host permissions

Add an install warning for the case when an extension requests optional
host permissions that are already covered by required host permissions.

This is a follow-up to 1265118.

Bug: 859959

Change-Id: Idf639b89016ac72a4df5406d290baa177e83a0e4
Reviewed-on: https://chromium-review.googlesource.com/c/1274054
Commit-Queue: Kelvin Jiang <kelvinjiang@chromium.org>
Reviewed-by: Devlin <rdevlin.cronin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#600530}
[modify] https://crrev.com/0300fe38f87c3dfd72c642daf5d9e56c3532e752/chrome/common/extensions/manifest_tests/permissions_parser_unittest.cc
[add] https://crrev.com/0300fe38f87c3dfd72c642daf5d9e56c3532e752/chrome/test/data/extensions/manifest_tests/permissions_all_urls_host_permissions.json
[add] https://crrev.com/0300fe38f87c3dfd72c642daf5d9e56c3532e752/chrome/test/data/extensions/manifest_tests/permissions_optional_all_urls_permissions.json
[rename] https://crrev.com/0300fe38f87c3dfd72c642daf5d9e56c3532e752/chrome/test/data/extensions/manifest_tests/permissions_overlapping_api_permissions.json
[add] https://crrev.com/0300fe38f87c3dfd72c642daf5d9e56c3532e752/chrome/test/data/extensions/manifest_tests/permissions_overlapping_host_permissions.json
[modify] https://crrev.com/0300fe38f87c3dfd72c642daf5d9e56c3532e752/extensions/common/manifest_constants.cc
[modify] https://crrev.com/0300fe38f87c3dfd72c642daf5d9e56c3532e752/extensions/common/manifest_handlers/permissions_parser.cc

Marking as "started" since the code is out, but at some point there is follow-up needed (i.e. maybe not the best idea to use the install warning forever)

One of the recommendations in this bug: https://bugs.chromium.org/p/chromium/issues/detail?id=889654&q=component%3APlatform%3EExtensions%20permissions&sort=-modified%20-stars&colspec=ID%20Pri%20M%20Stars%20ReleaseBlock%20Component%20Status%20Owner%20Summary%20OS%20Modified

is to add a permission as both optional and required to address not being able to re-request  withheld permissions (presumably after explaining more specifically why they are necessary in a rendered UI).

Would this change invalidate that approach?

I'm working on a patch now, which will enable requesting withheld permissions from the permissions API.  This should also land in M72.  With that, the workaround will be unnecessary (though using it won't break anything).