Apologies in advance if I get this wrong.

What it sounds like is building the equivalent of an xpriv.

You’d probably need some sort of offline signing device to do this like the Bitcoin wallets institute. The master key needs to live “somewhere”.

On the web clients the NIP-07 carry the nsec and only takes in data to sign, never exposing the private key.

I’m not an iOS expert and don’t know how you’d do this with a native app.