On a server I have public key auth only for the root account. Is there any point in logging in with a different account?

  • ShortN0te@lemmy.ml
    10 days ago

    Most comments here suggest 3 things

    1. Least privilege: which is OK, but on a server any modification you do requires root anyway; there is usually very little benefit
    2. Additional protection through a required sudo password: this is, for example, easily circumvented by modifying the bashrc or similar with a sudo alias to get the password
    3. Multi-user & audit trails: yes, this is a valid point; on a system that is modified or administered by multiple people there are various reasons, like access logging and UAC, for that

    An actual person from the pen testing world: https://youtu.be/fKuqYQdqRIs
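
A defender-side check for the bashrc point in item 2 of the comment above, as an added example that is not part of the original thread: it scans shell startup files for alias or function definitions that shadow `sudo`, `su` or `doas`. The watched command list, the startup file list and the sample contents are assumptions made for this example.

```python
import os
import re

# Commands whose shadowing in a startup file deserves review (assumed list).
WATCHED = ("sudo", "su", "doas")
_N = "|".join(WATCHED)

PATTERNS = [
    # alias sudo=..., alias -- sudo=..., alias ll=... sudo=...
    ("alias", re.compile(rf"\balias\s+(?:\S+\s+)*?({_N})=")),
    # sudo() { ... }  or  function sudo() { ... }
    ("function", re.compile(rf"^\s*(?:function\s+)?({_N})\s*\(\s*\)")),
    # function sudo { ... }
    ("function", re.compile(rf"^\s*function\s+({_N})(?=[\s({{]|$)")),
]

# Common per-user and system-wide startup files (assumed, not exhaustive).
STARTUP_FILES = ["~/.bashrc", "~/.bash_profile", "~/.bash_aliases",
                 "~/.profile", "~/.zshrc", "/etc/bash.bashrc", "/etc/profile"]

def scan_startup_text(text, source="<inline>"):
    """Return (source, line number, kind, command) for each shadowing definition."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):  # skip whole-line comments
            continue
        for kind, rx in PATTERNS:
            m = rx.search(line)
            if m:
                findings.append((source, lineno, kind, m.group(1)))
                break
    return findings

def scan_files(paths=STARTUP_FILES):
    """Scan the startup files that exist on this host."""
    findings = []
    for p in paths:
        full = os.path.expanduser(p)
        if os.path.isfile(full):
            with open(full, errors="replace") as fh:
                findings += scan_startup_text(fh.read(), full)
    return findings

# Constructed sample contents, not taken from any real system.
SAMPLE_RC = """# ~/.bashrc (constructed sample)
alias ll='ls -l'
alias sudo='/home/alice/.cache/s'
# alias su='disabled'
function doas { /home/alice/.cache/d "$@"; }
alias sudoedit='sudo -e'
"""

if __name__ == "__main__":
    for finding in scan_startup_text(SAMPLE_RC) + scan_files():
        print(finding)
```

A hit is a prompt for review rather than proof of tampering, since some administrators define such aliases on purpose (for example `alias sudo='sudo '`).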