I am going to change a bunch of repos to have a new edit policy using conduit. Can I just create one policy object and reuse that PHID on all the repos or should I be creating a policy object for each repo? It looks like whenever a permission policy gets changed through the UI, a new policy object gets created and that PHID gets associated with the permission in question so I think this is safe.
Yes, this is safe by design. Policies are immutable.