Webapps have better privacy protections than native. Battery/cpu is a tossup depending on the app. With the example above of chat apps I've found that the webapps use less cpu/memory.
I think you're correct that desktop operating systems are in sore need of a permissions model for non-free apps. It should be possible to build one, and then shame vendors into using it.
A well written native app should use less battery and CPU than a well written web app. Lots of native apps are not well written though and, like Gruber said, many are just a wrapper around a web view showing their website.
Native code should be able to do more work with less power, yes. But in practice, these kinds of runtime efficiencies aren't the overarching factor. Native apps add features and these features in aggregate end up using far more memory, cpu, and being otherwise invasive into the system -- for example, the discord native app attempting to ptrace everything else on the system.
The extra crap -- especially information gathering -- ends up making the native apps slower and buggier.
I think you're correct that desktop operating systems are in sore need of a permissions model for non-free apps. It should be possible to build one, and then shame vendors into using it.