.dmg with symlinks to /Library/Audio/Plug-Ins/

I received some fantastic support from Apple. +1 for using an apple developer technical support incident if you ever get stuck on something apple-y system-y like this.

Short story: It’s not possible and unlikely to be fixed.

Long story:

It’s due to quarantine behavior (as we already knew). After customizing and enabling private data around the logging, the Apple rep was able to see the following:

type: error
time: 05:24:58.704737-0700
process: Finder
subsystem: com.apple.syspolicy
category: default
message: Drag to alias/symlink /Volumes/QDiskImage/Components, which targets /Library/Audio/Plug-Ins/Components, is disallowed by system policy

Due to prior attacks in the past, Apple consults their “system policy module” when a file is dropped on a quarantined symlink. In the case we care about (plugin paths), the policy module denies the request, because the plugin paths are not on the allowlist.

These folders are currently on the allowlist, in both / and ~ forms:

  • Applications
  • Applications/Utilities
  • Desktop
  • Library/QuickLook
  • Library/Screen Savers
  • Library/PreferencePanes
  • Library/CloudStorage/iCloud Drive/Desktop

I noted that it’s strange that I can have a notarized pkg installer that dumps all sorts of stuff everywhere — but a notarized dmg can’t do a drag and drop, even on user authentication. It sounds like despite the symlink’s behavior being altered by quarantine, Gatekeeper isn’t being consulted at all (even though it should be, that’s the entire point of notarization and user authentication).

I also noted that it’s possible to drag a file outside of the dmg to the “disallowed” target — the policy only applies to other quarantined files being dropped on the symlink.

So at the end of the day, it is what it feels like: An edge case Apple put in to prevent a specific type of attack, inconsistent with the notarization mental model, unlikely to be fixed.

4 Likes
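The following is an added example, not code from the post above and not anything published by Apple. It is a POSIX shell script a plugin developer can run against a mounted disk image to find, before shipping, which symlinks point outside the allowlist the Apple rep quoted and would therefore have drags onto them refused by system policy. It assumes the allowlist is exactly the seven folders listed in the post, matched as whole folder paths in either the `/` or home-directory form; that list is Apple's and may change, so treat the matching rule as an assumption.

```sh
#!/bin/sh
# Added example (not from the forum post): audit the symlinks inside a mounted
# .dmg against the system-policy allowlist quoted in the post. A symlink whose
# target is not on the list will have quarantined files dropped onto it refused
# by com.apple.syspolicy, so installers that rely on drag-and-drop should know
# about it before release. Assumption: exact folder matching, "/" or "~" forms.

# Home prefix used for the "~" form; fall back to an unlikely path if unset.
home=${HOME:-/var/empty}

# is_allowlisted TARGET
# Exit 0 when TARGET is one of the allowlisted folders, 1 otherwise.
is_allowlisted() {
    t=${1%/}                       # ignore a trailing slash on the target
    case $t in
        "$home"/*) rel=${t#"$home"/} ;;   # ~ form, expanded
        "~"/*)     rel=${t#"~"/} ;;       # ~ form, literal (e.g. from a script)
        /*)        rel=${t#/} ;;          # / form
        *)         return 1 ;;            # relative targets are never on the list
    esac
    case $rel in
        Applications|Applications/Utilities|Desktop|Library/QuickLook\
        |"Library/Screen Savers"|Library/PreferencePanes\
        |"Library/CloudStorage/iCloud Drive/Desktop")
            return 0 ;;
        *)
            return 1 ;;
    esac
}

# check_symlinks DIR
# Print one line per symlink under DIR, marked ALLOWED or BLOCKED, and exit 0
# only if every symlink targets an allowlisted folder.
check_symlinks() {
    dir=$1
    find "$dir" -type l | {
        blocked=0
        while IFS= read -r link; do
            target=$(readlink "$link")
            if is_allowlisted "$target"; then
                printf 'ALLOWED  %s -> %s\n' "$link" "$target"
            else
                printf 'BLOCKED  %s -> %s\n' "$link" "$target"
                blocked=$((blocked + 1))
            fi
        done
        [ "$blocked" -eq 0 ]
    }
}

# Usage (constructed example): check_symlinks /Volumes/QDiskImage
# A plugin image with symlinks to /Applications and to
# /Library/Audio/Plug-Ins/Components would print one ALLOWED and one BLOCKED
# line and exit 1, matching the "disallowed by system policy" log entry.
```

On macOS the same condition can be observed live with `xattr -p com.apple.quarantine <file>` on the dropped file and `log show --predicate 'subsystem == "com.apple.syspolicy"' --last 5m` after the refused drag; as the post notes, the paths in that message are private data and are redacted unless private logging has been enabled, but the error entry itself is still visible.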