It requires CAP_SYS_ADMIN. We can’t remove that capability though since it’s widely used.
Very little things are actually restricted to uid 0 anymore in Linux, everything is split up into capabilities.
Userspace daemons like haveged do use RNDADDENTROPY AFAIK. We don’t have to patch that ioctl out entirely, but we can restrict it to only the things that need it.
Internal kernel code (including the jitterentropy and virtio-rng modules) don’t use these ioctls. I grepped the entire source tree and nothing uses it.
Signature verification has been bypassed before. We don’t want to rely on it completely. Unencrypted connections are still dangerous.
Even ignoring that, sabotaging the entropy still opens up tons of new surveillance opportunities (e.g. the attacker can eavesdrop on browsing/messaging/etc.) and will weaken system security as a whole.
Root is isolated from other users. Even init doesn’t have access to the user’s home directory for example. More ways to further enhance the isolation was discussed here AppArmor for Complete System - Including init, PID1, Systemd, Everything! - Full System MAC policy - #251 by madaidan