We have had requests to support system-user assertions bound to specific device serials. Extending system-user this way makes sense but we need to be careful that at least properly extended assertions are not accepted like permissive assertions by old snapds.
A system-user assertion bound to serials must have:
- `format` set to 1 or greater
- `models` header must be present with exactly one entry
- `serials` header with a list of serials (matching the `serial` fields of the target device serial assertions)
Conversely a snapd supporting this and the signing code in it should reject a system-user assertion with a `serials` header without the two conditions met on
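A sketch of the check described above, as an added example that is not snapd's own code. The `Assertion` type and function names are hypothetical, and it assumes a snapd refuses any assertion whose format is newer than the highest it supports, which is what keeps old snapds from treating a serial-bound assertion as a permissive one.

```go
package main

import (
	"errors"
	"fmt"
)

// Assertion is a hypothetical, simplified view of a decoded system-user
// assertion; it is not snapd's own type.
type Assertion struct {
	Format  int      // "format" header (0 when absent)
	Models  []string // "models" header
	Serials []string // "serials" header; nil means the header is absent
}

// CheckSerials applies the rules listed above to an assertion.
func CheckSerials(a Assertion) error {
	switch {
	case a.Serials == nil:
		return nil // not bound to serials
	case len(a.Serials) == 0:
		// Assumption: an empty list is rejected, not read as "any device".
		return errors.New("serials header must not be empty")
	case a.Format < 1:
		return errors.New("serials header requires format 1 or greater")
	case len(a.Models) != 1:
		return errors.New("serials header requires exactly one models entry")
	}
	return nil
}

// CoversDevice reports whether a serial-bound assertion applies to the device.
// maxFormat is the highest format the checking snapd understands (assumed to
// be 0 for a snapd that predates serial binding).
func CoversDevice(a Assertion, maxFormat int, model, serial string) bool {
	if a.Format > maxFormat || a.Serials == nil || CheckSerials(a) != nil {
		return false
	}
	for _, s := range a.Serials {
		if s == serial && a.Models[0] == model {
			return true
		}
	}
	return false
}

func main() {
	// Constructed sample values, not taken from a real device.
	bound := Assertion{Format: 1, Models: []string{"my-model"}, Serials: []string{"serial-0001"}}
	fmt.Println(CoversDevice(bound, 1, "my-model", "serial-0001")) // new snapd
	fmt.Println(CoversDevice(bound, 0, "my-model", "serial-0001")) // old snapd
}
```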