Thanks for sharing all the details also for others here! @blaker Could you take a look at the CA issues?
For the persistence: Both ways should work. There is one issue we are currently working on for the fresh enrollment each time: The list of Elastic Agent in Fleet keeps getting longer and is not automatically cleaned up. The concept we have in mind to solve this is ephemeral agents which is agent which automatically are unenrolled after some time of inactivity.