As it stands, creating a schema extension for a user means that setting that extension for a user requires User.ReadWrite.All, regardless of whether you only want to update the delegated/current user's schema extension.
Ideally, User.ReadWrite would suffice to update only the delegated/current user's schema extension, with User.Read.All being sufficient to read those from other users.
While the documentation states that "For example, for an app to be able to update the signed-in user's profile with custom app data, the app must have been granted the User.ReadWrite.All permission.", it feels like quite a large privilege.