Thanks for making this forum post - the use of browser-support with daemon grants a lot of privileges to a snap (see the previous discussions for similar requests for some background on this:
and
Does pam-app absolutely require the use of browser-support? I understand the wish for daemon is to have long-lived daemon that is automatically started etc - in that case, perhaps the use of the snap_daemon user via system-usernames could help so that the snap doesn’t have to run as root.
However, even in this case, the daemon will still be started as root and it would have to drop privileges to the snap-daemon user, so this doesn’t entirely alleviate the security concern.
As such, if the use of browser-support is absolutely required, we would need to perform publisher vetting as though this were a request for classic confinement.