getting permission denied info in log files is useful for far more than "diagnosing cryptic one by error codes"
it lets the admin of the box see all the access that was denied. This can frequently identify 'bad actors' (unless they know the system intimately, they will have to poke around a bit before they find the hole they can get through)
And if you have a lot of permission denied errors, you would want to fix the software that's generating them to do something different.
all of this without any need to tie it in to a specific return code.
It happens to also give you a way to get more detail on the specific error (when you can tie the error to a specific time), and it nicely addresses the fact that you may not want to user to know all the details of why the permission was denied, but you do want to let the admin know.