Ability to customise OS installation in Virtualized guest

I'm posting this here hoping somebody may have some ideas for solutions, or can point me to any useful resources. We want to be able to customise macOS installations created from the Virtualization framework for the purposes of driving automated testing of our software. In an ideal world these Virtual Machines become very much transitory, where they can be removed once they are finished with.

My company writes security software for enterprise customers leveraging the Endpoint Security framework, and one of the ways in which we ease the pressure on our QA team during regression testing is to use a lot of automation.

Given that the nature of automation testing is that you test systems against known configuration states, we have always made heavy use of Virtualized environments to ensure our test results are reliable.

The progression of macOS over time has made it ever more difficult to reduce the amount of manual setup required to ensure the virtualized macOS installation is in a ready state to begin testing.

For example, we currently have to join virtualized Macs to an MDM server simply to be able to install configuration profiles that pre-authorize system extensions, or to send PPPC payloads to ensure our automation framework can work without the user having to manually approve PPPC requests for Accessibility access.

We also then have to manually install the test harness in the virtualized Mac, as there is no way for us to mount the disk image after OS installation (you can almost do this, but you cannot unlock the APFS volume due to needing to know a passphrase to unlock said disk, which I presume the Virtualization framework has safely stored somewhere in a Keychain on the host system).

We would like some solution to being able to place configuration profiles into a Virtualized Mac (we would be happy for this to be available to Apple Silicon platform only, ignoring Intel) without having to involve an MDM, or as a next best thing, some way of instantiating the enrollment with an MDM from the host side, rather than the guest side, so that it behaves more similarly to DEP auto enrollment.

As things stand right now, there is no possibility of us using what would be our preferred solution of an IaC style definition declaring the software test suite and OS version to be created to run the tests, because we always have to instantiate test hosts manually by joining them to an MDM to deploy configuration profiles, and to install the test runner.
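
The two payloads the post describes (system extension pre-authorization and a PPPC grant for Accessibility) can be generated from a declarative definition and kept in version control. This is an added example, not part of the original post; the Team ID, bundle identifiers, `com.example.qa` prefix and code requirement are constructed placeholders, and as the post says the resulting profile still has to reach the guest through MDM.

```python
import plistlib
import re
import uuid

TEAM_ID_RE = re.compile(r"^[A-Z0-9]{10}$")  # Apple Team IDs are 10 alphanumeric characters


def _payload(ptype, ident, content):
    # uuid5 keeps PayloadUUID stable across builds, so regenerated profiles diff cleanly
    base = {"PayloadType": ptype, "PayloadVersion": 1, "PayloadIdentifier": ident,
            "PayloadUUID": str(uuid.uuid5(uuid.NAMESPACE_DNS, ident)).upper()}
    return {**base, **content}


def build_profile(team_id, sysext_bundle_id, harness_bundle_id, harness_requirement):
    """Return .mobileconfig bytes approving one system extension and one Accessibility client."""
    if not TEAM_ID_RE.match(team_id):
        raise ValueError(f"not a Team ID: {team_id!r}")
    if team_id not in harness_requirement:
        # Refuse a requirement that would also match binaries signed by another team.
        raise ValueError("code requirement does not pin the Team ID")
    prefix = "com.example.qa"  # placeholder reverse-DNS prefix (assumption)
    sysext = _payload("com.apple.system-extension-policy", f"{prefix}.sysext", {
        "AllowedSystemExtensions": {team_id: [sysext_bundle_id]},
        "AllowedSystemExtensionTypes": {team_id: ["EndpointSecurityExtension"]},
    })
    pppc = _payload("com.apple.TCC.configuration-profile-policy", f"{prefix}.pppc", {
        "Services": {"Accessibility": [{
            "Identifier": harness_bundle_id,
            "IdentifierType": "bundleID",
            "CodeRequirement": harness_requirement,
            "Authorization": "Allow",
        }]},
    })
    profile = _payload("Configuration", f"{prefix}.profile", {
        "PayloadDisplayName": "QA test host pre-approvals",
        "PayloadScope": "System",
        "PayloadContent": [sysext, pppc],
    })
    return plistlib.dumps(profile)


if __name__ == "__main__":
    # Constructed sample values; substitute the real signing identity of the test harness.
    req = ('identifier "com.example.testharness" and anchor apple generic and '
           'certificate leaf[subject.OU] = "ABCDE12345"')
    print(build_profile("ABCDE12345", "com.example.agent.sysext",
                        "com.example.testharness", req).decode())
```

Scoping the allow-list to a single bundle ID and extension type, and pinning the Team ID in the code requirement, keeps the pre-approval from covering anything other than the software under test.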