It's a toss-up. How many variations of the groups vs. how many people. Either way isn't going to be "simple".
I would lean towards individual access for folder permissions. That way your transitions/states can focus on permissions for moving through the workflow. The folder permissions just give the people permission to do the workflow within that folder.
You don't want your main job to be policing who can do what in hundreds/thousands of projects. Make it as simple as possible.