Beet & BeetEOS already offer wallet-side fine-tuning of allowed operations when interacting with QR codes, deeplinks and websockets, but yeah BSIP 40 is interesting for sure!

With BSIP 40 custom authorities, you could add that single key for the account in the wallet similar to adding a memo key based account, it will enable significantly reducing the amount of confidential data being stored encrypted on disk.

You could also create a github action which is scheduled to publish price feeds, with the custom price feeding key stored in the private reporisory credential store, without fearing loss of your entire account. Worst case scenario if your github account was hacked is that invalid feeds are provided, but you could plausibly invalidate the key to stop the attack before regaining access to your github account.