Given that it should be difficult, if not impossible, for random applications to listen in on user actions, is there a better way Apple could have done this?
A popup on the first start with an alert and a password prompt is a good solution, but usually too many users type in their passwords blindly in case of a password prompt, so I would go with just an alert with "you need root privileges to run this app" and then they have to figure out 1. why do they need root privileges 2. how do they start an app with root privileges.
The security barriers for getting keyboard events in macOS are not as simple as “root has access to everything”, and for various reasons can’t and shouldn’t be that simple. So ignoring that part, Apple could make this into a one-click solution, but the number of legit apps that need to do this are so small that it’s very unlikely they will dedicate engineering time to it.
This is obviously where open source is superior. Apple probably can’t justify cleaning this up in macOS, but you can just go in and make it easier on on Linux if you have the knowledge and time.