Design the system so that you do not need users to escalate to root. Find each use case where a user may want to use sudo and then come up with an alternate way to accomplish that action from a regular account.
That would just elevate each regular account to be a root account. There is no other way to make things like modifying files directly under / possible, or to change system configurations. You can lock everything down instead, then you have Android, but then you have certainly not enabled everything a user can do with sudo.
Sounds like you don't want a Linux system, but rather a Chromebook. Have you seen https://chromeos.google/products/chromeos-flex/ ? Install it on your computer and you get Android-like security model, including only verified software and lack of "sudo" or any sort of root access.
A Chromebook is a Linux system. My concern is with Ubuntu improving their security posture. Telling Canonical to give up on Ubuntu and switch everyone over to ChromeOS is not something that I predict would work.
Using GNU/Linux at all is. Choosing to use such an operating system and then also choosing to do your updates from a terminal emulator is even further off the beaten path.
The beaten path is the defaults. Windows and MacOS particularly.
And system updates don't need sudo on desktops, it is not 1990's anymore... GUI apps like software-properties-gtk use dbus with polkit auth to upgrade software without any involvement of "sudo" or giving root access to users.
>"Being root" is just another name for the last option.
No, it's not. Take for example ping. If we want users to be able to always be able to use ping does that mean they need to be root? No, it doesn't. A privileged part of the OS can handle doing the raw socket and the unpriviledged user can talk to that part of the OS.
The key point is that some operations that require privileges are okay to expose to a user, but giving the user privileges for everything is dangerous.