FYI, you only need to specify write with personal-files since it implies read.
It seems that Kubicorn is not the owner of ~/.kube but rather an add-on for managing k8s and the personal-files interface was developed for snaps that have authority on the files specified (eg, firefox could specific $HOME/.mozilla for importing settings). My initial feeling is to grant a snap declaration allowing the installation of Kubicorn, but not auto-connecting it. This gives the opportunity for the snap to be installed and advise the user to take action. What do others think? I’d like to hear what others think before voting on this (esp. @niemeyer and @pedronis, but also others).
As for ssh-keys, this interface grants full access to the user’s sensitive private keys. Since $HOME for snaps defaults to SNAP_USER_DATA and users can copy files down into $SNAP_USER_DATA/.ssh to have ssh work, -1 to auto-connect ssh-keys. I suggest that on startup, the snap discuss either copying individual keys to $SNAP_USER_DATA/.ssh or plugging the interface.