Disagree. There are many more requirements, as you suggest, than just using https. There are data access, personnel, data sharing, auditing… the list is endless. HTTPS is only a single aspect of this, and may be more or less important depending on use case.

And all of these components of good data governance are difficult to do well, especially in a generic sense, without the context of the actual project.

There are many solutions to good HTTPS access, and signposting these and providing good integration is vital, but do not try to reinvent the wheel on this. A bad security implementation is a massive security risk. Focus on what you uniquely do well - streamlit explicitly NOT providing Https is much more preferable than an outdated or incomplete implementation.

Hosting on streamlit or behind a reverse proxy is trivial and allow separation of security from business logic.

My $0.02 - do NOT put it on the road map!