I cannot answer all of your questions and concerns without spending an hour or two breaking each of them down, so I will only focus on what I perceive as important.
First off, threat modelling is about determining what assets you want to protect, what adversaries are interested in them, and what resources and skills they have to dedicate to acquiring them. Distilled to its rawest form, it is about time, and the more time you want to buy yourself, generally, the more expensive it becomes to protect your assets.
So depending on your threat model, you may end up using different tools even though our adversaries may share similar skillsets. For example, most people are comfortable trusting government-regulated financial institutions with their money, while others may prefer to carry cash, use cryptocurrencies such as Monero, install a floor safe in their basement, and/or build a (modular) vault. The degree of time and resources required to defeat these security mechanisms varies, which is why threat models are different for everyone.
Building on this argument while also addressing the push notification server as previously mentioned, only some users have an issue with the LibreWolf team keeping Web Push enabled. Those who want a solution can access about:config and change the value of dom.push.connection.enabled to false, or use a VPN.
You accept it or make your own “smart” standards.
If you want to read more about how Web Push messages are encrypted, I highly suggest reading the RFC it is based upon.
Read the Introduction.
What is considered ideal is different for everyone, no different from threat models. That is why many proposed “solutions” exist. If they are not suitable for your needs, you either wait for someone to invent it or you build it yourself.