Thank you, PJ, for your thoughtful and detailed response.
I was thinking mostly of incremental security updates and backports to the OS for the most important protections, where possible within a Jetpack release, rather than leaving these to a full Jetpack update (and a reflash requiring Force Recovery Mode).
But I have also wondered about a remote supervisor that could host Recovery Mode (and other forms of remote maintenance). We have made a start on ideas for a simple microcontroller based front end for basic support. There seem to be some powerful fleet management tools in this area, which could be a foundation (but also with expense and potential lock-in). I have not explored these in depth so far, TL;DR. BFD indeed. Thanks for the Mender reference.
In respect to testing, the different models and configurations are fully checked and run through regression testing for any updates.
And after all, the Jetson line is defined by NVIDIA as embedded-computing for Edge AI. The “Edge” can be far away, up a pole …, and embedded can be deep within a something hard to access.