i don't see how it's a design mistake, linux allows more footguns in general to not decrease utility. Allowing you to manually give root prompt access (with warnings!) to a non-root user is one of them.

you can also just not run docker as root and not add normal users to the docker group

Containers were never a security boundary