I could have sworn there was a DH key negotiation? And I worked in WiFi for a decade, a decade ago... Sorry, obviously I have not had enough coffee yet today.
I think you can also do it with WPA2-Enterprise, so a common trick is to set up enough infrastructure to let your users use EAP-TLS or something, and IIRC EAP sets up a per-client session key in the handshake. The public LinkNYC wifi network, for instance, has both an open network and an EAP-TTLS one that you can download a provisioning profile for.
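As an added illustration (not from any commenter in this thread), here is what the client side of such an EAP-TLS setup looks like as a wpa_supplicant network block. The SSID, identity, server name and certificate paths are assumed for the example; the security-relevant part is that the client pins the RADIUS server's CA and checks its name, since without that an attacker's access point with any valid-looking certificate can complete the handshake with the client.

```conf
# Added example, not from the thread: wpa_supplicant.conf network block for a
# WPA2-Enterprise network using EAP-TLS. All names and paths below are assumed.
network={
    ssid="ExampleCorp-Secure"                 # assumed SSID
    key_mgmt=WPA-EAP                          # 802.1X/EAP rather than a shared passphrase
    eap=TLS                                   # mutual TLS: client proves itself with a certificate
    anonymous_identity="anonymous@example.com"  # assumed; outer identity sent in the clear
    identity="alice@example.com"              # assumed; matched against the client certificate
    ca_cert="/etc/wpa_supplicant/corp-ca.pem"   # assumed path; CA that signed the RADIUS server cert
    client_cert="/etc/wpa_supplicant/alice.pem" # assumed path; client certificate
    private_key="/etc/wpa_supplicant/alice.key" # assumed path; matching private key
    domain_match="radius.example.com"         # assumed name; reject servers whose cert does not match
}
```

Leaving out `ca_cert` (or `domain_match`/`domain_suffix_match`) is the classic misconfiguration: the supplicant will then accept any server certificate, so an evil-twin AP can terminate the TLS tunnel and, with EAP-TTLS or PEAP inner methods, capture the user's credentials. On a correctly validated EAP-TLS exchange, the TLS master secret yields a per-session MSK, the RADIUS server hands the derived PMK to the access point, and the 4-way handshake then derives a pairwise key (PTK) that is unique to that client, which is the per-client session key the comment above refers to.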
Looks like this was only added in WPA3!