What's stopping you from creating a "localhost.mydomain.com" DNS record that initially resolves to a public IP so you can get a certificate, then copying the certificate locally, then changing the DNS to 127.0.0.1?

Other than basically being a pain in the ass.

No, they will only give out certificates if you can prove ownership of the IP, which means it being publicly routable.

Browsers consider ‘localhost’ a secure context without needing https

For local /network/ development, maybe, but you’d probably be doing awkward hairpin natting at your router.