Writing to the users homedir is fully allowed (for all non-hidden files and dirs in there) if you plug the home interface…
When you uninstall a snap a backup of all user data is automatically taken, nothing is removed, during updates the content of the versioned dir is copied forward…
If you do not want this behavior, make your app use the $SNAP_USER_COMMON dir, which is unversioned…
Full gpu access is provided via the opengl interface, adding the plug gives you exactly the same access as running your app non-snapped…
For password-manager you could attempt to get autoconnect granted or simply pop up a message for the user from I.e. a yad or kdialog command-chain script…
None of the above justifies classic confinement, your app would have to fit into one of the supported categories at Process for reviewing classic confinement snaps