I always wonder why people act like this is so black-and-white. Either you don't allow any sideloading, or Grandma will be tricked into installing malware on her iPad by a phone scammer.As a tinkerer, I welcome side-loading with full knowledge of the risks. I also anticipate many users getting tricked into installing malicious software.
There are ways to be secure about enabling sideloading. My favorite example is Chrome OS. On most Chrome devices, you have to make a physical change to the device (such as removing a screw inside the laptop) in order to be able to unlock the system. Additionally, enabling developer/"sideloading" mode requires you to wipe the device. There is no way you are enabling sideloading without being very deliberate about it.
A similar approach could work for iOS. I imagine any tinkerer who wants to do this has a PC or Mac... so first of all the only way you can unlock the device is with an app on the computer side. (I mean the physical hardware solution would work as well, but somehow I don't see Apple ever moving towards repairability...) And once you enable dev/sideload capable mode, everything gets wiped. You will be warned about this repeatedly. "By continuing YOUR DEVICE WILL BE ERASED." If you make this hard enough, you can comply with the law without really worrying about competitors. Tinkerers who want sideloading to be able to install mods and stuff will be happy and will have plenty of pickings from the open source community (think F-droid on iOS). But no business is going to depend on people enabling sideloading if it's that onerous.
You could easily come up with even more creative ways that for this to be done. Perhaps you have to order some sort of physical hardware dongle keyed to your device from Apple to perform the unlock (which would effectively be a one-time unlock fee - which I'm not inherently opposed to). Maybe you must visit an Apple store or authorized provider to have it done as a "repair" (although I could see people being concerned about the privacy implications of this).
I won't deny that scammers can be crafty and maybe somewhere out there is a scammer who is happy to tell Grandma to get an iFixit kit and unscrew her laptop to remove a tiny screw, wipe all her data and then visit a shady website. But at the very least it would set the bar MUCH higher.
My point is, this has always been a weak argument to me. "If we allow sideloading malicious software will become a huge problem." It's not that binary. That's simply Apple digging in their heels with an argument that is relatable to less technically savvy people.