Roles are configuration entities (user_role) represented by the Role entity type class. They can be created through the UI and exported as configuration to be available on all the environments. As such, there is not much you need to do in your code to define a role, but simply create them as needed in the UI and export them to configuration. As you remember, if you want your role to be provided by your module, add the exported YAML file to the config/install folder (and remove the UUID). Refer to Chapter 6, Data Modeling and Storage, for more information.
Permissions, on the other hand, are a custom construct. In Drupal 7 they used to be defined by implementing hook_permissions(), but are now created using a YAML file (very similar to how we define menu links). However, they are not plugins, but a custom construct created by the core User module. The PermissionHandler service is responsible for reading all the YAML files and figuring out all the existing permissions on the site. This is not something you need to worry about, as you won't be interacting with this service. You'll mostly be interested in defining new permissions and checking whether a user has them, or setting those permissions in various access contexts.