On a completely different note, I might have cracked part of the difficulty of installing software in Qubes: (assuming it’s available on the repos, which is not the case of the previous discussion)
It’s largely a matter of personal preference. I have Signal and Keybase in their own templates, with each template having a single AppVM based on it. For Zoom, I use a StandaloneVM. Both are valid and supported choices, and both have similar security properties.
A TemplateVM becomes a big win if one has more than one AppVM based on it. If there is only one, the benefits are significantly reduced. The main exception is that if the TemplateVM’s configuration is easy to regenerate, one may be able to get away without backing it up, reducing backup size.
FYI, I have a Template where I installed Zoom, Webex, MS Teams, etc. with one App Qube (AppVM) based on that Template. I use it for video conference. It is considered untrusted considering the software installed. I gave it extra RAM and CPU in Qube Settings. This is the best balance for security and convenience for my own purposes.
I may restructure it sometime in the future as the flow should be from what the user has (.deb, repo, flat, snap) instead of where the user want to install it (app, template, standalone)