There would be a lot of value in whitelist and audit features for IT to manage their risk when letting developers install applications themselves (if not also a binary repository).
One model (and possible partner) here is Sonatype, with a growth path into binary repositories for development (Swift packages, CocoaPods, et al.).
I realize you might not want the burden, but you might partner with someone or some company. (And I would encourage others to collaborate before forking.)