Although I'm convinced that passwordless sudo helps a lot to make life easier for new Qubes users.
> For QubesOS reasoning for not needing hardened templates to make sense, I would need to have a completely separate AppVM for each application and I don't think QubesOS was meant to be used like that.
This is not necessary. You can group your apps with the same trust level in the same VM. Again, it's especially helpful to the new users. Advanced users like you, with strict threat models, can use minimal VMs to compartmentalize much more.
This is easy to change:
https://www.qubes-os.org/doc/vm-sudo/#replacing-passwordless...
and
https://forum.qubes-os.org/t/replacing-passwordless-root-wit...
See also: https://forum.qubes-os.org/t/passwordless-sudo-selinux-under...
Although I'm convinced that passwordless sudo helps a lot to make life easier for new Qubes users.
> For QubesOS reasoning for not needing hardened templates to make sense, I would need to have a completely separate AppVM for each application and I don't think QubesOS was meant to be used like that.
This is not necessary. You can group your apps with the same trust level in the same VM. Again, it's especially helpful to the new users. Advanced users like you, with strict threat models, can use minimal VMs to compartmentalize much more.