Indeed, well, that is the disadvantage of the superroot boot mode.
It’s only for the superroot boot mode. I wouldn’t know how else to implement superroot, i.e. allow manipulation of files such as in /etc/apt/sources.list.d folder or other files deemed dangerous for untrusted root. superroot is same as “trusted” root. Same as Whonix has prior apparmor-profile-everything or same as most Linux distributions.