I think there are legitimate concerns about giving untrusted apps free rein to access your microphone or webcam. With that said, I agree that requiring the user to connect up interfaces is probably not great either.
Ideally the user should be prompted when the app tries to use the device. That means the app is already running, which is too late to start fiddling with its AppArmor confinement.
There is some support in xdg-desktop-portal for displaying an access control dialog box for device access, but it doesn't seem to actually implement the actual device mediation. Instead, it sounds like the idea is for a PulseAudio module to call into xdg-desktop-portal to decide whether to give a client microphone access.
I'm not sure if there is any daemon in place to mediate access to the camera yet, so that's something to investigate. We had such a service on Ubuntu Phone, so if there is no equivalent for GNOME yet, perhaps that could be a starting point.