This looks exactly like it covers the requirements mentioned in the editing taskforce in the past by JS editor developers, so this really looks a great proposal. I also agree with your discussion about the security issues with the current setup (where is the security in letting users click arbitrary buttons to allow adding things to the clipboard the user hasn’t ever seen?) and your suggestions for improvements in that area look good.
However, each of those suggestions might either result in a slightly strange user experience and/or not be 100% security. For example, the “clipboard is being accessed” notification could end up looking scary to some users, while others ignore it completely. Neither one may completely understand what it means and what precautions they should take. But this is a difficult area, and there may not be any 100% perfect solution to dilemma. So I very much welcome this proposal and I hope it is merged into the Clipboard API in the near future.