1. Are all private blockchains permissioned or what makes a blockchain private?
A private blockchain could be one which is simply not available to the general public, e.g. a piece of software that is only distributed to a certain number of people. Of course, to keep the blockchain private, a permissioning system would probably have to be in place.
2. If a private blockchain has only one permissioned entity that can append new blocks ("miner") and it doesn't do any PoW or PoS, how close this entity becomes to a traditional middleman? I understand that they can't alter transactions is they are signed by digital signatures, but what they can possibly do?
It is no different from a traditional middleman. That single entity can alter the transaction history and censor transactions because the PoW is what makes the Bitcoin blockchain immutable. Such a private blockchain would be centralized and no better than a central SQL database. In fact, it is worse than a central SQL database because it is more inefficient than such a database.
3. Are they vulnerable to some attacks that don't exist in decentralized blockchains?
Certainly. Permissioned blockchains require using different cryptography and have completely different security models, so is vulnerable to different attacks than a decentralized blockchain.