The problem is that the query generated acts upon the security provider so the permission name MUST be defined within the security provider to work so trying to define a new permission type outside the security provider definition will not be possible.
I would be nice to be able to be able to “inject” a new permission via a query but that would require code changes to the security provider and I don’t know if that would be feasible .
You need to ask @George about that one.