How can I stop Visual Studio's Web Publish from removing write permissions from my target web site?

You can add turn off the ACL setting functionality by adding this to the .pubxml file:

    <IncludeSetACLProviderOnDestination>False</IncludeSetACLProviderOnDestination>

See http://msdn.microsoft.com/en-us/library/ff398069.aspx

The article also mentions you can change this for all publish configurations via a local .wpp.targets file. Make sure to consider that option if you use multiple publish configurations

In some cases you may find that after publishing a project using Web Deploy the ASPNet IUSR cannot write to the root directory or any files within it (except App_Data).

By default Web Deploy sets the ACL of the ASPNet IUSR to read only. To prevent this from causing problems when you publish your application, you will need to locate the project file and make some changes. The project file will end with the extension .vbproj for applications written in Visual Basic or .csproj for applications written in C#. In the project file find:

<propertygroup condition=" '$(Configuration)|$(Platform)' ==
'Release|AnyCPU' "></propertygroup>

and change it to:

<propertygroup condition=" '$(Configuration)|$(Platform)' ==
'Release|AnyCPU' ">
<includesetaclproviderondestination>False</includesetaclproviderondestination>
</propertygroup>

This will ensure that ACL is not modified by Web Deploy.

If you already deployed to a 3rd party hosting provider, you may need to contact them to get your permissions reset before doing another deployment.