Re: "a tool Microsoft uses to hide its source code from being copied"
"* Permissions (read/write/modify) on a per-value basis." trivial. UNIX has done that for 40 years.
"* Ability to push changes to users..." also trivial. changing a single value can't alter any other files. And if you put multiple values in a single file then you are idiots. Use LDAP for one. cfengine for another, there are a number of alternatives.
"* User/machine setting separation, with the user settings able to move with the user between machines as a single, trivially synchronised file." Relatively trivial. It has been done on UNIX systems for at least 20 years. NIS originally, LDAP currently. Or if you want cfengine or other tools that are available.