
I am not sure what you mean by security-sensitive app. Something like Samsung Knox will not work after you unlock the bootloader, but that's because of the assumptions it needs to make in order to promise user data integrity. It's similar to apps requiring TPM for data/disk encryption. Self-signing wouldn't restore that chain of trust. Those apps breaking is working as intended; none of the financial apps I use were affected. There's an option for systemless root.

Also, I know companies have used the root status as a form of DRM. That's not about user security, it's about protecting DRM security, like Widevine L1 or L3 and the Android Netflix app. Financial apps haven't been an issue for me; I am running bootloader unlocked and rooted using Magisk.



Just reread what you meant, yeah, I see that self-signing wouldn't necessarily solve the issue. As you say, it might also be that some apps use root status. After they updated our digital signing platform, a colleague who had a phone from China which wasn't even that old, stopped working, and I've had friends who had the same thing happen. They weren't rooted. So I don't know if there is some hardware component to it, like TPM that you mentioned? It's worth saying, you cannot use banking apps here without a valid digital signature, which proves your identity. It's not just the financial app itself, it's the legal requirements we have here, which make the financial apps use this digital identity verification.

So if self signing cannot guarantee those assumptions that are being made, there's no way around it.


I've had problems with digital signing as it's used everywhere here and banking apps.



