I'm not sure that this can be done via security roles. To link two records as in your example, two permissions are required: Append on the Opportunity or Note, and Append To on the Account.
If you set the level for Append To on Account to Organization, then the user can link records for which they have the append permission to any account.
If you set the level for Append To on Account to User, then the user can link records for which they have the Append permission only to accounts they own.
You are right in that the Append To privilege does not distinguish what type of record is being linked and I don't think messing around with Append privileges helps.
If you allow Append To at the Organization level (so that Notes can be linked to any account), then it isn't possible to restrict opportunities to being linked only to accounts the user owns.
Perhaps the way to implement this is in JavaScript, which can check that the owner of the account matches the user (but this will only work in the web interface and will not prevent opportunities being linked to any account via imports), or a plug-in (which will require development but will be enforced regardless of how the opportunity is created).
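The plug-in approach from the answer above, as an added example (hypothetical code, not the answerer's or Microsoft's): a pre-operation plug-in registered on Create and Update of Opportunity that rejects the operation when the `parentaccountid` lookup points at an account the initiating user does not own. It assumes the standard Microsoft.Xrm.Sdk assembly and the out-of-box `opportunity` / `account` schema.

```csharp
using System;
using Microsoft.Xrm.Sdk;
using Microsoft.Xrm.Sdk.Query;

// Hypothetical plug-in: register as a synchronous Pre-Operation step on
// Create and Update (filtering attribute: parentaccountid) of Opportunity.
// Because it runs server-side it also covers imports, workflows and API calls,
// unlike a JavaScript form check.
public class RestrictOpportunityToOwnedAccount : IPlugin
{
    public void Execute(IServiceProvider serviceProvider)
    {
        var context = (IPluginExecutionContext)serviceProvider.GetService(typeof(IPluginExecutionContext));
        var factory = (IOrganizationServiceFactory)serviceProvider.GetService(typeof(IOrganizationServiceFactory));

        // Run the lookup as the initiating user so their own Read privileges apply.
        IOrganizationService service = factory.CreateOrganizationService(context.InitiatingUserId);

        if (!(context.InputParameters.Contains("Target") && context.InputParameters["Target"] is Entity target))
            return;
        if (target.LogicalName != "opportunity" || !target.Contains("parentaccountid"))
            return; // this operation does not touch the account link

        var accountRef = target.GetAttributeValue<EntityReference>("parentaccountid");
        if (accountRef == null)
            return; // the link is being cleared, nothing to enforce

        // Only the owner column is needed; keep the retrieve narrow.
        Entity account = service.Retrieve("account", accountRef.Id, new ColumnSet("ownerid"));
        var owner = account.GetAttributeValue<EntityReference>("ownerid");

        // ownerid may be a team rather than a user; that case is rejected here too,
        // so widen this check if team ownership is in use.
        if (owner == null || owner.LogicalName != "systemuser" || owner.Id != context.InitiatingUserId)
        {
            throw new InvalidPluginExecutionException(
                "Opportunities can only be linked to accounts owned by the current user.");
        }
    }
}
```

Users acting under an elevated role (for example System Administrator) will still be blocked by this step unless you add an explicit exemption, so decide that policy before deploying.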