The same system user assertion can be used for multiple devices so long as the model, etc. in the system user assertion matches the device it is being used with. As to your question about the private key, yes, the private key is separate from the system user assertion and needs to be unique for all devices.
Yes, I think it’s a valid use-case, but admittedly it is not one that we have optimized for and is difficult to accommodate right now. If there’s not already a LP bug about this feature specifically, feel free to file one at bugs.launchpad.net/snapd. Thanks