You can create a Security Definer Funtion which can then be executed by then non-superuser monitoring role:
(Assuming you have a role monitoring and pg_stat_statements is installed in schema public)
-- connected as a superuser
CREATE FUNCTION pg_stat_statements()
RETURNS SETOF pg_stat_statements
LANGUAGE SQL
SET search_path='public'
SECURITY DEFINER
AS
$BODY$
SELECT *
FROM pg_stat_statements;
$BODY$;
REVOKE ALL ON FUNCTION pg_stat_statements() FROM public;
GRANT EXECUTE ON FUNCTION pg_stat_statements() TO monitoring;
-- connected as monitoring
SELECT * FROM pg_stat_statements();