Like you said, it's not ideal to use single key addresses for so many reasons. That's why I loved the idea of wallet creation on Blue wallet.

taproot addresses are kinda encrypted by themselves, and you could easily make a scheme with a mathematical sequence for subkeys. your private key is the root, it is hashed with nothing extra, and then each subsequent key could literally be just another 4 byte sequence number and it's virtually as good as a HD key, and it'd be easy to specify them with a decent taproot key interface.

my project https://github.com/mleku/signr has a method for encrypting private keys that uses an argon2 encryption with very high memory/parallelism parameters, it takes about 1 second to generate the encryption cipher that is XORed over the encrypted key (32 bytes).

it also includes an implementation for making taproot keys in it, which could be extended with a scheme like i mentioned above.

probably could raise the parameter settings but to make it parameterisable i'd have to add a 33rd byte to signify some scale of work requirement for it.

i was just reading the other day also that 4 distinct words makes enough entropy to be virtually impossible to guess. my algorithm doesn't make any stupid requirements about spaces or needing to have this kind of character or that, so it could be literally like the last 4 words of this sentence. hell, most people can probably easily remember twice that long.