They're talking about the attack surface to get accidental code execution from opening files that try to exploit vim. Integrating shell commands with vim/less is a valid feature.
>namespaces (which have been a frequent source of vulnerabilities)...
Unprivileged user namespaces sure, but I don't think that applies to namespaces in general (which without unprivileged user namespaces can only be created by root, and LPE is the concern with unprivileged userns due to increased attack surface). systemd doesn't need unprivileged userns to run.
Services may be in a different mount namespace from systemd for sandboxing or other reasons (also means you have to worry about filesystem permissions I suppose). Passing an fd from the parent (systemd) is a nice direct channel between the processes.
The vast majority of services and user programs don't need to escalate privileges by invoking SUID/SGID binaries. no_new_privs should be used on them so that the "setuid with libc/LD programs" security boundary is avoided.
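The no_new_privs recommendation above, as an added example (not the commenter's code): a Linux C program that sets the flag with prctl(2), then checks that a forked child inherits it and that it cannot be cleared again. The helper names are hypothetical.

```c
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* 1 if no_new_privs is set for the calling thread, 0 if not, -1 on error. */
static int nnp_get(void) {
    return prctl(PR_GET_NO_NEW_PRIVS, 0, 0, 0, 0);
}

/* Set the flag. After this, execve() no longer grants privileges through
 * setuid/setgid bits or file capabilities. Returns 0 on success. */
static int nnp_set(void) {
    return prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0);
}

/* Fork and return the flag value as the child sees it (-1 on error).
 * The kernel also preserves the flag across clone() and execve(). */
static int nnp_in_child(void) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        int v = nnp_get();
        _exit(v < 0 ? 255 : v);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status) == 255 ? -1 : WEXITSTATUS(status);
}

/* Try to clear the flag; the kernel rejects any value other than 1.
 * Returns 1 if the request failed and the flag is still set. */
static int nnp_is_sticky(void) {
    int rc = prctl(PR_SET_NO_NEW_PRIVS, 0, 0, 0, 0);
    return rc == -1 && nnp_get() == 1;
}

int main(void) {
    printf("before set: %d\n", nnp_get());
    if (nnp_set() != 0) { perror("prctl(PR_SET_NO_NEW_PRIVS)"); return 1; }
    printf("after set:  %d\n", nnp_get());
    printf("in child:   %d\n", nnp_in_child());
    printf("sticky:     %d\n", nnp_is_sticky());
    return 0;
}
```

For a systemd service the same flag is set with `NoNewPrivileges=yes` in the unit file.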
They aren't preventing you from using a content filter nor are they making it difficult to scrape the site. The countermeasures against this are the problem.
I agree, I don't even care about ads in specific. I primarily use the tor browser which doesn't block ads due to fingerprinting (it's ok for casual browsing, though some sites are actually obnoxious and slow down the browser). More generally, I care about web scraping and being able to control the presentation of content: for internet archival, using a featureful video/music player (mpv) or library like a local imageboard, utilities like user scripts to add features/programmatically do stuff, content blocking (filter rules for specific posts/users), creating RSS feeds for notifications if the site doesn't offer one, simpler/faster frontends like invidious/nitter, etc.
For faster session establishment in OpenSSH consider ControlMaster in ssh_config(5), which multiplexes multiple sessions in one connection instead of creating a new connection for each session.