People are fixated, across this thread, on a black market of organized criminals buying vulnerabilities, but for the most part criminals aren't the real alternative market buyers for high-end vulnerabilities, and while people on message boards may incline towards viewing IC and LEO agencies as themselves criminal, I think you'll find a pretty substantial fraction of normal people find supplying IC/LEO agencies as more than just decent; praiseworthy, even.
That thorny ethical issue aside, I'm fond of pointing out that the IC's main alternative to CNE intelligence collection is human intelligence, and the cost of HUMINT simply in employee benefits dwarfs any near-term possible cost of exploit enablement packages; 7 figures is a pittance (remember: most major western governments are essentially benefits management organizations with standing armies).
Even given the seemingly vast sums earned by organized crime, government buyers are positioned to decisively outbid crime over the medium term. It's really early days for these markets.
Not commenting about the ic/leo part specifically, but there is a pretty abundant body of work on what "normal" people are willing to do, as long as they find a way to rationalize it away. The banality of evil is well documented.
In that light, what others would do is rarely a reliable indicator that you shouldn’t think twice about your actions, lest you regret later, once the thinking has happened.
I have no idea what any of this has to do with anything I just wrote, I'm sorry.
I was commenting on your point that a pretty substantial fraction of normal people find some actions decent, and even praiseworthy.
My point is that this fact shouldn’t belong in a discussion about ethics, given how often widely held moral positions have come to be a source of regret.