As a power user, you can however still jump through all those hoops, even with custom kext's.

I agree that the situation sucks for us, but on the other side - you can give a piece of Apple hardware to a literal child and won't have to deal with either getting it running in the first place (as with anything Linux based) or a persistent rootkit or other malware (which is more common and easy than not on Windows).

Being easily open for power users, hard to exploit for malware and hard for incompetent people to mess up, unfortunately, is a Hard Thing.

This is mostly just Apple fixing the bonkers default security settings of a unix desktop. As devs we're used to the idea that, e.g., any app we run should be able to modify any files that belong to us, regardless of whether we asked it to. But that's actually an insanely lax security model.

It's honestly not hard to disable any security settings that are getting in the way. I run whatever software I like on my Mac, no problems.

People have been talking about how Apple were going to lock down Mac OS "real soon now" for at least a decade. There's no real indication that it's ever going to happen.