Whonix KVM dnsmasq - listen port on host operating system - attack surface reduction

I see your point of view but I agree with @Patrick on this one.
Your point heavily assumes that “a Linux machine running a KVM machine is not that suspicious”, which is entirely in the context of specific countries at specific times.

Some tight dictatorship countries, especially during times of unrest, will arrest you in case they suspect even the slightest “above average technical ability”, e.g. running a Linux host and running virtual machines on it.

Their mindset would be: “This person or group is running Linux; people run Linux because they have something to hide! Oh, and on top of that he is running a virtual machine! What is he so scared of?”

This sounds comical, but there are countless arrests or interrogations based solely on this “logic”, and I should mention that “arrests” in those countries means torture to death.

A more tangible issue for other countries is fingerprinting. They don’t have to be sure that a Whonix VM was started or is installed; they just have to know that a VM is there, and that is enough to narrow down the search considerably.

Do not undermine the value of metadata; a lot of people die every day because of it. “We kill people based on metadata.”

So, optimally, the host should not leak information on whether or not it has VMs, dnsmasq, or anything out of the ordinary.