I understand it's because it's a device driver, but why should a pure software publisher which has no hardware product of any sort be required to go through a "hardware program" gatekeeper of what binaries a person can choose to install and run on their own computer?
They started it because the drivers people used to use from hardware vendors would routinely blue screen Windows, which made MS look like the reason Windows would crash. Hardware vendors are notoriously inept at software.
I think their point was that WireGuard has no physical hardware, so it’s strange as a software project they’d be forced to go through verification for a hardware program.
It sounds more like a "driver program" gatekeeper so you are arguing about semantics. I'm not claiming that there is no problem, just that an argument based on the distinction between "hardware" and "driver" is void.
Outside of these unfortunate situations, a lot of people are quite happy for developers of e.g. kernel anti-cheat to have a difficult time.
We do need to recognise that a long history of "Windows always bluescreens" was somewhat reined in by this policy, with a lot of crashes coming down to third-party drivers.