A lot. All keys are birthed inside the enclave, and you need an on-chain smart contract to manage how the keys come out and to whom (if ever, they can also just stay in there unknown to all humans). Once they keys are out and knowable to a human being then the enclave has to self-destruct in essence, because then the pending tokens are unknowable and there's no point of having it in the enclave anymore.

And the smart contract also governs who can attest what from the mint's database while the mint is live in the enclave.

The thing is that to run an enclave governed by a smart contract you need a blockchain that is designed to connect to enclaves, meaning the chain's node has to be of an SPV type that can actually run inside an enclave and has enough stuff pre-loaded to prevent the success of any attempt at injecting forged data via the vsock. You can do this, but not with the Bitcoin chain. Also there are all-in-one chain+TEE combos that use intel SGX enclaves out of the box.

Nostr tends to get touchy when you use a chain that isn't Bitcoin so not sure how all this would fly here. But you can't not have a smart contract in the mix, and that smart contract can't be on Bitcoin unless you preform some very ridiculous ZK proof gymnastics which why would you do that given that chains exist that were purpose-engineered for this exact kind of thing.