Yeah it looks like NIP-26 "Delegated Event Signing" can be used for this.
The delegator would be the master key, and the delegatees would be the low-security keys.
It doesn't look like there's a revocation mechanism, and delegation has time bounds, so you'd need to generate new delegatee keys periodically. Which can be an airgapped operation.
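As an added example (not code from this thread), here is the check a relay or client would run on a NIP-26 delegation tag, in Python: it parses the conditions string, confirms the event's kind and created_at fall inside the delegated window (the time bound that stands in for revocation), and rebuilds the delegation string whose sha256 the master key signs. The BIP-340 Schnorr verification of the token is passed in as a callable, since it needs a secp256k1 library; the pubkeys and timestamps are constructed placeholders.

```python
import hashlib
import re
from typing import Callable, List, Optional, Tuple

# NIP-26 conditions: fields "kind" / "created_at", operators = < >, joined by "&".
_COND = re.compile(r"^(kind|created_at)([=<>])(\d+)$")

def parse_conditions(conditions: str) -> List[Tuple[str, str, int]]:
    """Parse e.g. 'kind=1&created_at>1674834236&created_at<1677426236'."""
    parsed = []
    for part in conditions.split("&"):
        m = _COND.match(part)
        if not m:
            raise ValueError(f"malformed delegation condition: {part!r}")
        parsed.append((m.group(1), m.group(2), int(m.group(3))))
    return parsed

def delegation_hash(delegatee_pubkey: str, conditions: str) -> str:
    """sha256 of the delegation string; this is what the master (delegator) key signs."""
    s = f"nostr:delegation:{delegatee_pubkey}:{conditions}"
    return hashlib.sha256(s.encode()).hexdigest()

def event_satisfies(event: dict, conditions: str) -> bool:
    """True only if kind and created_at meet every condition. The created_at
    window is the only expiry NIP-26 gives you: there is no revocation."""
    for field, op, value in parse_conditions(conditions):
        actual = event[field]
        if not {"=": actual == value, "<": actual < value, ">": actual > value}[op]:
            return False
    return True

def check_delegation_tag(event: dict, verify: Callable[[str, str, str], bool]) -> Optional[str]:
    """Return the delegator pubkey an event should be attributed to, or None.
    `verify(pubkey_hex, msg_hash_hex, sig_hex)` must be a real BIP-340 Schnorr
    verifier (e.g. from a secp256k1 library); it is injected rather than stubbed."""
    for tag in event.get("tags", []):
        if len(tag) == 4 and tag[0] == "delegation":
            delegator, conditions, token = tag[1:]
            if not event_satisfies(event, conditions):
                return None  # outside the delegated kinds/time window
            if not verify(delegator, delegation_hash(event["pubkey"], conditions), token):
                return None  # token was not signed by the claimed master key
            return delegator
    return None  # no delegation tag: attribute to event["pubkey"] itself

# Constructed sample values (placeholders, not real keys).
DELEGATEE = "ab" * 32
CONDITIONS = "kind=1&created_at>1674834236&created_at<1677426236"
```

Once the window closes, every event signed by that delegatee fails `event_satisfies`, which is why the master key has to issue a fresh delegation (and ideally a fresh delegatee key) before then.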