This is definitely the major pain point. For device owner controlled root software cert (and independently device owner controlled hardware cert too) I'd certainly like it to be an option of some kind, because there are real tradeoffs between security and configurability here. It could for example be restricted to an order-time config, or maybe a one-time significant charge. I could even accept certain kinds of measures by Apple to combat piracy and cheating, with owner signed apps segregated somewhat say or some low level signing merely to indicate that it wasn't a restricted device. But it's definitely objectively proved to cause real problems to have Apple be the sole legitimate gatekeeper. A single central point can be an advantage in resisting certain kinds of attacks, but simultaneously a disadvantage in being subject to other kinds of social and economic pressure. Jailbreaking has also demonstrated lots of extremely useful functionality and apps that aren't allowed vanilla.
Unfortunately I doubt it gets resolved without legislation mandating that hardware owners should have the option to load root level signing certs, which leaves everyone forced to make some hard tradeoffs. Hopefully society eventually catches up with that, but in the meantime one ameliorating factor is it's becoming ever more feasible to just own a couple of devices for specific purposes thanks to the improvement curve flattening out. Particularly with Apple, they've got long enough support cycles now that getting a 2-3 year old phone still leaves at least a few years of support but the discount vs new hardware is high too.