I for one welcome our new OS-level code signature verification overlords. May they smite evil and incompetence swiftly and brutally...except when 'evil' is defined by foreign governments, domestic law enforcement, or fair competition with built-in features.
With great power comes great "you guys better not fuck this up."
"If an app is found to be malware, Apple can revoke that developer’s certificate, rendering the app (along with any others from the same developer) inert on any Mac where it’s been installed. "
Yeah, it's not a great reach to think that in five years there will be no Option 3 and malware will include any program that the government of the nation that your computer is in deems undesirable. Apple and Microsoft will likely be forced to have such capabilities by various national governments.
If you think it's that possible then why not contact your congress person/senator and have them look into this? In fact, talk to them about drafting a law against not being able to install software of your choosing on a machine you buy. Or, at the very least, a law for being able to take your data with you when you decide to leave a platform. This wouldn't help China, Iran, Syria, etc. but it would at least give US citizens some protections.
Personally, I'm not very afraid of option 3 ever going away but I also am ready with a FreeBSD VM instance.
With great power comes great "you guys better not fuck this up."