What is the difference between system apps and privileged apps on Android?

So after some digging, it’s clear that apps in priv-app are eligible for system permissions, the same way that old apps used to be eligible to claim system permissions by being in system-app. The only official Google documentation I could find on this came in the form of a commit message:
Commit hash: ccbf84f44c9e6a5ed3c08673614826bb237afc54

Some system apps are more system than others

“signatureOrSystem” permissions are no longer available to all apps
residing on the /system partition. Instead, there is a new
/system/priv-app directory, and only apps whose APKs are in that
directory are allowed to use signatureOrSystem permissions without
sharing the platform cert. This will reduce the surface area for
possible exploits of system-bundled applications to try to gain
access to permission-guarded operations.

The ApplicationInfo.FLAG_SYSTEM flag continues to mean what it says
in the documentation: it indicates that the application apk was
bundled on the /system partition. A new hidden flag FLAG_PRIVILEGED
has been introduced that reflects the actual right to access these
permissions.

Update: As of Android 8.0 priv-app has changed slightly with the addition of Privileged Permission Whitelisting. Beyond just being in priv-app, your app must also be added to a whitelist in order to gain various system permissions. Information on this can be found here: https://source.android.com/devices/tech/config/perms-whitelist
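
To illustrate the whitelisting step mentioned in the update, here is an added example (not part of the original answer and not AOSP code) that parses a privapp-permissions XML file in the format documented at the linked page and reports which permissions requested by a priv-app package are not covered by it. The package name, the XML content and the requested permission set are constructed for the example.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the privapp-permissions XML format described on the
# linked AOSP page; the package and permission choices are illustrative only.
SAMPLE_ALLOWLIST = """\
<permissions>
    <privapp-permissions package="com.example.privapp">
        <permission name="android.permission.WRITE_SECURE_SETTINGS"/>
        <deny-permission name="android.permission.REBOOT"/>
    </privapp-permissions>
</permissions>
"""

def load_allowlist(xml_text):
    """Return {package: {"allow": set, "deny": set}} from allowlist XML."""
    result = {}
    for entry in ET.fromstring(xml_text).iter("privapp-permissions"):
        pkg = entry.get("package")
        if not pkg:
            continue  # an entry without a package name cannot match any app
        slot = result.setdefault(pkg, {"allow": set(), "deny": set()})
        for child in entry:
            name = child.get("name")
            if child.tag == "permission" and name:
                slot["allow"].add(name)
            elif child.tag == "deny-permission" and name:
                slot["deny"].add(name)
    return result

def audit(package, requested, allowlist):
    """Classify each privileged permission a priv-app package requests."""
    slot = allowlist.get(package, {"allow": set(), "deny": set()})
    report = {}
    for perm in sorted(requested):
        if perm in slot["deny"]:  # listed in both: treated as denied here
            report[perm] = "denied"
        elif perm in slot["allow"]:
            report[perm] = "allowlisted"
        else:
            report[perm] = "unlisted"  # in priv-app but missing from the list
    return report

if __name__ == "__main__":
    requested = {"android.permission.WRITE_SECURE_SETTINGS",
                 "android.permission.REBOOT", "android.permission.INSTALL_PACKAGES"}
    for perm, status in audit("com.example.privapp", requested,
                              load_allowlist(SAMPLE_ALLOWLIST)).items():
        print(f"{status:12} {perm}")
```

Run against a device image's extracted permission files, the "unlisted" entries are the ones to review: the APK sits in priv-app and asks for the permission, but nothing in the whitelist covers it.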
