after digging through the code of SSOWat, I realized I was being confused because the permissions manager was reworked in YunoHost 4.1. There were multiple references to using skipped_urls and unprotected_urls on this forum which led me rogue.
The other realization that I got while browsing through the code was that the permissions manager could take arbitrary names and was not limited to the apps installed on YunoHost ( which had initially misled me to using core_skipped which actually broke the core system ).
For future readers, you need to add an arbitrary permission in /etc/ssowat/conf.json.persistent as follows :
"permissions" : {
"arbitrary_permission_name" : { // can be anything
"auth_header" : false, // optional; what is the point anyway?
"public" : true, // required to skip the URIs being SSO'd
"show_tile" : false, // optional; to skip showing a tile on the user portal
"uris" : [ // required; the most important block
"sub-domain.domain.tld/path/to/resource",
"re:^[^/]*/%.well%-known/regex/too" // can take lua or PCRE regexes too
]
}
}