You will have to create 2 custom roles, one that grants read permissions and another that grants contributor permissions, and:
- Add a role assignment at the subscription level (the one that will contain all aforementioned storage accounts) for the one that grants permissions so that it applies to all storage accounts below it.
- Add a role assignment at the resource group level (the one where the "all other storage accounts" will be placed) for the one that grants contributor.
Or
Create 2 resource groups:
- One that will contain "all other storage accounts". Add a role assignment to this one for the role that grants contributor permissions.
- One that will only contain the lone storage account. Add a role assignment to this one for the role that grants reader permissions.
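
Both layouts rely on Azure RBAC being additive and inherited down the scope hierarchy. The following is an added example, not part of the original answer: a simplified model that computes the effective permissions each layout yields and flags a misplaced storage account. It assumes a single principal and no deny assignments; the scope IDs, role names and the "read"/"write" labels are constructed placeholders.

```python
# Added example: simplified model of Azure RBAC scope inheritance.
# Scopes, role names and the "read"/"write" labels are constructed placeholders.
ROLES = {"custom-reader": {"read"}, "custom-contributor": {"read", "write"}}

SUB = "/subscriptions/sub-placeholder"
RG_OTHERS = SUB + "/resourceGroups/rg-others"
RG_LONE = SUB + "/resourceGroups/rg-lone"


def account(resource_group, name):
    return f"{resource_group}/providers/Microsoft.Storage/storageAccounts/{name}"


def applies(assignment_scope, resource):
    """An assignment covers its own scope and every scope below it."""
    scope = assignment_scope.rstrip("/").lower()
    return resource.lower() == scope or resource.lower().startswith(scope + "/")


def effective_actions(assignments, resource):
    """Union of all roles assigned at the resource or any ancestor scope."""
    actions = set()
    for scope, role in assignments:
        if applies(scope, resource):
            actions |= ROLES[role]
    return actions


def check_layout(assignments, lone, others):
    """Return a list of problems; empty means the layout meets the goal."""
    problems = []
    if effective_actions(assignments, lone) != {"read"}:
        problems.append(f"lone account is not read-only: {lone}")
    for acct in others:
        if "write" not in effective_actions(assignments, acct):
            problems.append(f"no contributor access: {acct}")
    return problems


OPTION_1 = [(SUB, "custom-reader"), (RG_OTHERS, "custom-contributor")]
OPTION_2 = [(RG_OTHERS, "custom-contributor"), (RG_LONE, "custom-reader")]

if __name__ == "__main__":
    others = [account(RG_OTHERS, "other1"), account(RG_OTHERS, "other2")]
    print(check_layout(OPTION_1, account(RG_LONE, "lone"), others))    # correct placement
    print(check_layout(OPTION_1, account(RG_OTHERS, "lone"), others))  # lone account misplaced
```

In the first layout a storage account created in any new resource group inherits read access from the subscription-level assignment, while in the second it gets no access until a role is assigned at its resource group.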