> their silly role in the security theater of “but what if our users are dumb”

It's not security theater. If you go to Chromium settings -> Site settings -> permissions, and expand "additional permissions", you will see a total of 26 different permissions, each gated by the same generic "you want to use this" popup.

Permission popup fatigue is quite real, and not a security theater. And that's on top of the usual questions of implementation complexity etc.