Having to type sudo already acts as a moly-guard. Whatever OP wants to do I won’t stop them, but they are doing something strange.

Sure, though I advice against it. The following C program can do that:

#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

int main(int argc, char **argv) {
	if (argc < 2) {
		fprintf(stderr, "usage: %s <command> <args>...", argv[0]);
		return EXIT_FAILURE;
	}

	printf("Executing");
	for (int i = 1; i < argc; ++i) {
		printf(" %s", argv[i]);
	}
	puts("\nPress ^C to abort.");
	sleep(5);

	if (setuid(0)) {
		perror("setuid");
		return EXIT_FAILURE;
	}

	execvp(argv[1], argv + 1);
	perror(argv[1]);
	return EXIT_FAILURE;
}

As seen in:

$ gcc -O2 -o delay-su delay-su.c
$ sudo chown root:sudo delay-su
$ sudo chmod 4750 delay-su
$ ./delay-su id
$ id -u
1000
$ ./delay-su id -u
Executing id -u
^C to abort
0

This will allow anyone in group sudo to execute any command as root. You may change the group to something else to control who exactly can run the program (you cannot change the user of the program).

If there’s some specific command you want to run, it’s better to hard-code it or configure sudo to allow execution of that command without password.

It’s not. You keep insisting that ^D doesn’t send EOF and yet:

$ stty -a | grep eof
intr = ^C; quit = ^\; erase = ^?; kill = ^U; eof = ^D; eol = <undef>;
$ man stty |grep -A1 eof |head -n2
       eof CHAR
              CHAR will send an end of file (terminate the input)

^D is the EOF character. The thing is that in C every line of a text file must be terminated by a new-line. And so, when you end a file with ^D without a return, you get funky results.

If you go with adding a passphrase to the drive keep in mind that if it’s a unique one you may end up forgetting it since you won’t normally be using it. Even if you set it to the same passphrase as root partition, if you ever change passphrase for root you might forget to change home passphrase.

I would probably just make a physical copy of the key file. It’s just 32 bytes (no, larger key file doesn’t make things any more secure) so you can hexdump -C it and copy the key on a piece of paper.

Mint is fine. Rather than changing distros, rather keep using it and configuring it the way you want it. For the most part, GNU/Linux is GNU/Linux is GNU/Linux and many popular distributions are largely the same.

This is too simplistic example to give any meaningful answer. What’s Type? What’s value? If it’s i32 and 42 than they both compile to the exact same thing. But if Type is Drop than the second will call the destructor on each iteration. (I’ve also written previously about similar example with BorrowedBuf¹).