You have the right of it, stateful IPv6 firewalls have the same security protection as IPv4 NAT but are simpler to maintain and simpler to design protocols for. It's also easy to use something like uPNP or to make static rule checkboxes like "I want to use VoIP", or "I want to host a webserver", that put in the appropriate rules. That shouldn't be any more complicated than the existing systems, less complicated than configuring port forwarding.
Another policy would be to turn off any filtering for hosts which have their own built-in firewall. That should simplify protocols and reduce connectivity and support problems across the board.