Microsoft can make whatever "rules" it wants; it's up to the OEMs if they wish to follow them or not.
It's been this way for over 15 years; this is nothing new at all. Linux has been handling this type of thing (remember the PC99 rules?) and will continue to do so just fine.
The UEFI group has specified what the Secure Boot rules are, and Microsoft, as the signing authority, can do what it wants to do on top of that if it wants to. If you don't like Microsoft's signing authority rules, then work with the OEMs to get your key into the BIOS so that you will not have to worry about anything. But be prepared to work with the OEMs and abide by their requirements, which are very strict.