It means more surface (both from extensions themselves and the loader code), relaxation of things like KTRR/CTRR (you now need to add executable EL1 pages at runtime), plus the potential for signing keys to leak (Finding enterprise signing keys even for iOS is fairly easy).

As far as Windows goes, https://www.loldrivers.io is a thing.
Yeah, loldrivers are a thing because any signed driver can load; vuln drivers with ELAM... I don't know of any, I believe they're quite rare.

You have a good point with attack surface, but Apple has a pretty robust system already for ensuring boot and lock security that doesn't rely on EL0/EL1 security. I'm sure you know more than me about higher ELs like EL3 and secure world code that can take care of all that. I'm pretty sure they don't have to issue new signing keys either; as a matter of fact, why let even 3rd parties do this? Apple themselves could expose a memory and file system dumping API without involving third parties. That way, they could sanitize away anything they consider sensitive as well. They can also require that the commands be issued over a physical/authorized USB connection.

Point is, there are very legitimate and critical cases where memory and file system forensics could be critical. From what little chatter I've heard, forensic software today is resorting to exploitation of the devices, and those exploits tend to be abused for other reasons too.