Testing kexts on Big Sur/Monterey (Intel)

What are the recommended steps for non-interactively testing kexts on Big Sur/Monterey? Our CI pipeline deploys our in-development kexts to a macOS system and then runs tests on them without human intervention. This worked fine through 10.15, but with the latest 11.x and 12.x I cannot find any way to get around having to click "Allow" next to "System software from developer has been updated" in Security & Privacy.

I thought perhaps this was a difference between notarized and non-notarized kexts, but even released versions of our kexts that are notarized experience the same problem.

SIP is completely disabled, kext-consent is disabled, and our Team ID has been added to the kext-consent list. None of these seems sufficient to avoid having to click the Allow button. Is there any way (short of MDM, which is very heavyweight for this use case) to avoid kext consent during testing?

Testing kexts on Big Sur/Monterey (Intel)
 
 
Q