I know that all Octopus users are added to the Everyone team and that the default for this team is its members can do nothing. Is there a recommend base set of permissions we should assign this team?
This is correct, all Octopus users are members of the Everyone team. As a rule of thumb we tend to assign the Everyone team the Project viewer and Environment viewer user roles for each space in the Octopus instance.
This gives users read-only access to the Project and Environment parts of Octopus.
It might be that, when you’re configuring your Octopus instance, you find that it would suit your requirements to give additional permissions for some reason. If you do grant additional permissions do it with caution keeping in mind that any existing or newly created user will have this additional access.