As mentioned earlier, snapcraft and the Store now support more granular macaroon attenuations (along with short expiration). See more details in Better support for other CI systems
We haven’t prioritized the hardened upload task yet. Please, let us know of any specific use-case blocked on this.