In an environment where we control the host system and all installed extensions, we need to allow postgresql non-superuser to install all of them, without opening gaps that will let this user gain superuser privileges. We have a sample solution to add a new default role pg_create_extension which does not need superuser privilege to create any extensions.
However we are not sure if it's the best approach. Are there any other ideas, proposals or feedback?
Is this something you would consider adding to the next major release?