Raising a minor factual point: I do not believe I created that Current symlink (i.e., the one in /usr/local/opt/postgresql, other than to run the installer. Since there's no real chance of me going back and stripping everything out I can't test a reinstallation. Maybe others could have a look especially if they've not done any previous PostgreSQL homebrew installations. But it's not harmful so I'll leave it there to see what happens with the next PostgreSQL version upgrade.
I note I am not the first (and likely not the last) to ask about cautious privilege upgrades. It's a difficult area. The folk at PostgreSQL seem to want belt and braces. None of the tools will run as superuser, and they really don't want the postgres user to be the same as the user with write permissions on the binaries. Basically it's a tool which can have a public interface so should not be installed in a way that would allow it's binaries to be compromised if the server code was compromised. The rest of the security measures are well outside the scope of the installation package.
So for anyone still following this there are three levels of ownership in my now modified installation:
root: owns the .plist (which has to be modified so postgres can drop to normal user status)
myself: owns the installation and all the binaries (and I have sudo privileges)
postgres: owns the folder with the data and log files (and does not have sudo privileges)
Still to be decided is whether postgres will have write privileges on it's configuration files (answer is likely no).
Thank you Mike for taking time to engage with my questions and have a very good new year.