Basically, you want to not disable kernel.unprivileged_userns_clone.
For a temporary solution that has to be redone after reboot, there is sysctl kernel.unprivileged_userns_clone=1.
For a lasting solution, consider echo kernel.unprivileged_userns_clone=1 | sudo tee /etc/sysctl.d/99-enable-unpriv-userns.conf.
In either case you’re foregoing security for the sake of convenience/functionality, so I understand why you would rather not act upon either of them.
I don’t know what the solution is that would be analogous to installing bubblewrap-suid. Perhaps, it’s worth exploring the projects found within the github page of Awesome Fedora Security for some pointers.