From what I have read so far, many users, including several Qubes core developers, strongly recommend using minimal templates for sys-net, sys-firewall, sys-usb, vault vm etc. If this is indeed whats best for security, why not use minimal templates for sys by default ? Or at the very least allow users to choose them for sys vms during installation, akin to how that-s already done for whonix.
More advanced users can of course do this later themselves, but many if not most users will not.
If you dont want to make the iso too big, perhaps give the option for a different iso that would contain both normal and minimal templates?