Thanks for the suggestion - with this in place it now works as strictly confined after manually installing the snap, connecting the interfaces and then reenabling:
snap install ./wfuhuMg7FCMYJGocE7AUGCdiW6vAkiH8_19.snap --dangerous
snap connect rpi-tpm2-slb9670-hwe:system-files :system-files
snap connect rpi-tpm2-slb9670-hwe:kernel-module-control :kernel-module-control
snap start --enable rpi-tpm2-slb9670-hwe
And then it automatically loads on boot as expected too!