Adobe Experience Manager Sites & More

I'm using AEM for a project that has four types of environments:

1. Tenant dev (on-prem): This environment is used by developers of each tenant to work on individual features or functionality for their respective tenants.

2. Dev (AMS): This environment is used to integrate all tenants' features and functionality and is used for testing purposes.

3. Stg (AMS): This environment is used to run acceptance tests and verify that everything is working as expected before moving on to the production environment.

4. Production (AMS)

I need to manage and deploy user group, permissions, and workflow data across these environments. I'm wondering what the best practices are for doing so.

Specifically, I have questions about where I should create the user, group, and workflow data, and how I should migrate this data to later environments. Should I use Git or a package manager, or are there other ways to do it? 

If using the package manager, is it necessary to export the XMLs and manage them with Git as well? And do we transfer this kind of content using the tenant.ui.content package or some one-time use package created from the source environment?

I'm looking for guidance on how to ensure that the user group, permissions, and workflow data are consistent and up-to-date across all environments, while minimizing the risk of errors or data loss during deployment. Any insights or recommendations would be greatly appreciated.