I don't see any issues with your approach. You can reset the posting key with ease. There is a lot of work being done on making onboarding much easier for Hive. We are getting closer to a "standard" in which apps can opt into with ease to share the same easy login system across the various front ends.
Your last point about one-click custodians is a great point, It would be nice to have this feature streamlined for app/tribe owners.