Is the RFID chip in e-passports read-only or is it read-write?

Passports conforming to the ICAO doc 9303 specification use a smart card conforming to ISO 7816, which is very broadly speaking not just a storage device, but rather a miniature computer.

It is possible to restrict read or write access to parts of its storage to only properly authenticated entities.

Looking at the relevant part of the specification (parts 10 and 11 at the referenced ICAO site), there only seem to be commands relating to reading basic data, cryptographically authenticating the travel document or authenticating the reader to the document in order to access sensitive information like fingerprints.

Without any command to actually modify data on a smartcard, it wouldn't be possible to do so.

It is of course possible that the issuing country implements additional commands, for example for the purpose of correcting information after issuance. However, such commands, if they even exist, would very likely require authentication of the reader before any write or delete access to the storage would be granted.

Regarding your specific question about the issuing authority adding biometric data after issuance, this does seem to be allowed under the specification:

Only the issuing State or organization shall have write access to these Data Groups. Therefore, there are no interchange requirements and the methods to achieve write protection are not part of this specification.

As there is nothing in the specification regarding write access to the general writable area, it seems to be up to the issuing country to specify access privileges (for reading or writing) to these memory areas.

Theoretically, countries could agree on commands for accessing these optional storage areas outside of the ICAO specifications, of course, but I consider that quite unlikely:

If the intent is to exchange travel data, why not just exchange it out-of-band, for example through server-side systems communicating passport numbers? This seems much simpler and more effective.

Just to answer the "tinfoil hat" aspect, a standard doesn't prevent a country from making passports and readers which implement features in addition to the standard.

So, a country could easily issue passports which e.g. record entries and exits or store recent photos taken by the border control of that country in your passport. Passports could also store information about border control in other countries, even if foreign border control equipment isn't actively writing to it (thanks @jcaron). This information could be read out when you return to your country, and be used to estimate how many countries you have visited during your trip. If those countries have accessed information which requires active authentication, it may also be possible to know which ones you have visited.

I am a firm proponent of that belief that the black-hats will always win. Hackers have eventually broken every known encryption and data protection protocol. The hope is that with anything that matters the white-hats can update and move ahead of the black-hats, but with a system as slow and expensive as international treaties and immigration control, it is unlikely that white-hats will always be ahead. Even the digitally signed portion of your data is more likely to be broken into eventually than not.

Passports last 10 years in the U.S. Imagine what computing and encryption looked like 10 years ago, how about 20 years ago when the standards lag starts taking effect? Given the other answers on this page, it's all read-write, or will be soon.