Windows and Mac have had solutions to this for years. You can encrypt user files using their OS login, so they don't have to decrypt every time they start the app.
What does this gain over just encrypting the drive/backups? Anything running on the system has the same access.
If the drive is not encrypted, surely for Windows at least it's possible to reverse engineer the encryption secret. Maybe on Mac you could do something with T2, but now your config is not portable, and still doesn't solve the malware on the system case or the "your sibling/visitor/housemate whoever has physical access".
In a multi-user system, using DPAPI [1] on Windows protects secrets from other users, even if the disk is not encrypted. Secrets are encrypted with the user's password.
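The per-user DPAPI protection discussed in this thread, as an added example that is not part of any comment here. It assumes Windows PowerShell 5.1; the function names, file path, entropy string and secret are constructed for illustration. Running `Unprotect-UserSecret` from a second account on the same machine takes the failure branch, while any process running as the original user decrypts successfully, which is the limit raised earlier in the thread.

```powershell
# Added example; assumes Windows PowerShell 5.1. All names and values are constructed.
Add-Type -AssemblyName System.Security

# CurrentUser scope ties the blob to the logged-in user's DPAPI master key.
$Scope   = [System.Security.Cryptography.DataProtectionScope]::CurrentUser
# Optional entropy: an app-specific value mixed into the key, not a secret by itself.
$Entropy = [System.Text.Encoding]::UTF8.GetBytes('example-app-config-v1')

function Protect-UserSecret {
    param([Parameter(Mandatory)][string]$Secret,
          [Parameter(Mandatory)][string]$Path)
    $plain = [System.Text.Encoding]::UTF8.GetBytes($Secret)
    try {
        $blob = [System.Security.Cryptography.ProtectedData]::Protect($plain, $Entropy, $Scope)
        [System.IO.File]::WriteAllBytes($Path, $blob)
    } finally {
        # Do not leave the plaintext bytes in memory longer than needed.
        [Array]::Clear($plain, 0, $plain.Length)
    }
}

function Unprotect-UserSecret {
    param([Parameter(Mandatory)][string]$Path)
    $blob = [System.IO.File]::ReadAllBytes($Path)
    try {
        $plain = [System.Security.Cryptography.ProtectedData]::Unprotect($blob, $Entropy, $Scope)
        return [System.Text.Encoding]::UTF8.GetString($plain)
    } catch [System.Security.Cryptography.CryptographicException] {
        # Raised when the blob belongs to another user profile or was modified.
        Write-Warning ("Cannot decrypt {0} as {1}: {2}" -f $Path, $env:USERNAME, $_.Exception.Message)
        return $null
    }
}

# Round trip as the current user.
$file = Join-Path $env:TEMP 'example-secret.bin'
Protect-UserSecret -Secret 'constructed-sample-token' -Path $file
Unprotect-UserSecret -Path $file
```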