<pnp:Security>
<pnp:SiteGroups>
<pnp:SiteGroup Title="SharePointGroupName"
Description="Sample SharePoint Group" Owner="i:0#.w|domain\user" AllowMembersEditMembership="true" AllowRequestToJoinLeave="false" AutoAcceptRequestToJoinLeave="false" OnlyAllowMembersViewMembership="false">
<pnp:Members>
<pnp:User Name="i:0#.w|domain\user" />
</pnp:Members>
</pnp:SiteGroup>
</pnp:SiteGroups>
</pnp:Security>
Then, on your lists you just add the following as a direct child of the ListInstance node:
<pnp:Security>
<pnp:BreakRoleInheritance CopyRoleAssignments="false" ClearSubscopes="false">
<pnp:RoleAssignment Principal="SharePointGroupName" RoleDefinition="Full Control" />
</pnp:BreakRoleInheritance>
</pnp:Security>
It really is as easy as that.