OK, you tell us that we should change the default password for user in both Gateway and Workstation. So, how do we do that on a Gateway? There is no keepassx(c) installed by default. I suggest preinstalling keepassx or keepassxc in Gateway by default so users can easily change the user password and keep it inside an encrypted database on the Gateway machine to easily copy-paste it in the future.
So, really, how do I change the user password on the Gateway VM? Write it down on a sheet of paper and type it every time I need to perform sudo apt autoremove or enter tor-control-panel, for example? The only convenient way to change the user password in the Gateway VM is to preinstall a password manager there.
The threat model isn’t clear.
Out of scope: physical attacks. → Protection against Physical Attacks
Open development question: Which process running under which user account might get compromised, and what damage could they do if they had the user/sudo password?
The original KeePass is preferable.