After deeply checking about the fuzz on bug #534047, I think the reaction is exaggerated. The default policy from PolicyKit applies for single user that can install signed package from official repository without root password but unsigned packages need authentification. Grab any unsigned package and test yourself. For multiple user account, setting policy is the key.
While waiting for a bug fix affecting majority of 2-in-1 laptops running on GNOME Wayland session, gnome-shell-extension-screen-autorotate is now available in Fedora repository and EPEL 9 . Give a try on your device Possibly this extension will get added on the incoming Fedora Design Suite 39 as default for the owners of convertible laptops.