Having boot modes
delgroup user sudo
addgroup user sudo
wouldn’t improve security too much. At least wouldn’t help much for users who install some custom package every now and then. (They need to use sudo for that.) Let alone add custom (third party) APT sources list. (Requires root to edit sources.list.d.)
Mostly would help users who do follow Prevent Malware from Sniffing the Root Password.
(But these would not even want addgroup user sudo.)
Not sure it’s even worth it to implement boot modes
sudo=1 for discussion. Would be presented to user in better terminology.)
Comparison with Tails:
Tails boots always fresh, malware clean. Considered non-compromised.
(Just assuming it for the sake of discussion, not considering firmware trojans etc. When booting from read-only media.)
Tails boots by default without root access. Setting a root password is an opt-in. Tails has an edge here.
There are kinda two paths there.
- Allowing more and more things (apt dist-upgrade, install packages from packages.debian.org) without need to gain root / entering sudo password. Android does that. Users can do a lot of things there without root. For example, setting up VPNs.
-  Make users boot into user
These two are not really exclusive.  will always be limited. A lot of effort to implement. Might never get there.
I typed too little. I meant, after users just run “sudo apt-get dist-upgrade” or “upgrade-nonroot” they can no longer use “sudo”. Kinda unexpected, breaking usability change. Considered unstable by users most likely.
That would mean “boot into user admin” is an OK solution too?
Yes. However, it’s on us to provide easy, secure workflows. I think "boot into user admin" is a nice clear way to separate things. Will describe more clearly soon.