This seems fragile
This also seems fragile and unintuitive inside snapd because now you would have connections that are sometimes hidden from the user. Perhaps this already exists in other places but it seems too “magic” to me, and if it’s going to be hidden from the user anyways why implement it as a connection in the interfaces and not just go with the automatic mount entry like described in 3 anyways?
I’m a little lost on where the symlinks point such that it could be updated without a mount namespace change. Would /usr/lib/snapd/snapctl (which is really a view into /var/lib/snapd/exports/core/snapctl in the initial host mnt ns) point to somewhere in the hostfs like /var/lib/snapd/hostfs/var/lib/snapd/exports/core/snapctl ?
Also it seems like solution C could be implemented just for the core/snapd snaps without exposing the functionality via the interface system which would be easier and allow for the more general work for exposing other kinds of files from other snaps to happen later.