Relays can decide whether they want to allow subkeys to AUTH and write on behalf of the main key.
This is more powerful than delegation alone.
Discussion
I think the only missing thing would be this aspect then. Or maybe that’s solved too. Not sure. nostr:nevent1qqsvvdezcvrrl7sge9m9jxpkejsp3vsyxmxg867j3lpxxdc8y49kpegpzemhxue69uhhyetvv9ujuurjd9kkzmpwdejhgqg5waehxw309aex2mrp0yhxgctdw4eju6t0qyxhwumn8ghj7mn0wvhxcmmv826caw
Read restrictions can also be done by you guessed it, AUTH!