deferring chowns to unknown users until after triggers
I'm currently thinking of revamping the way users are handled. Ideally, I'd like to reduce usage of pre/post-install/upgrade/deinstall hooks as much as possible (the ideal amount being zero) in order to allow for fully atomic transactions (hooks break that as they require the filesystem state to be updated). For users/groups, instead of doing it in hooks, I'd like some kind of central sysusers process (similar to systemd-sysusers) to take care of creation, and have it run from a trigger on the directory containing the configs.
Currently, user handling gets in the way of this. The apk files store ownership as usernames/groupnames, which is good as it allows uids/gids to be allocated dynamically. However, it also means that the user/group needs to exist in the passwd/group file so that it can be applied.
I gave this some thought, and had an idea - how about we simply defer chowning the file to after triggers have completed running? Basically, every time the lookup fails, record the failure, then once triggers have run, retry the lookup and chown. Thoughts?
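The deferral proposed above, sketched as an added example that is not part of the original post and not apk's own code: failed lookups are queued at extraction and retried once triggers have run. The class and function names, the dict-backed resolvers standing in for the passwd/group files, and the `svc`/`ghost` names are assumptions constructed for illustration.

```python
import os
import tempfile
from typing import Callable, Optional

# Assumed resolver shape: name -> numeric id, or None while the name is unknown.
Resolver = Callable[[str], Optional[int]]


class DeferredChowns:
    """Records ownership changes whose user/group lookup failed, for a later retry."""

    def __init__(self, lookup_user: Resolver, lookup_group: Resolver):
        self.lookup_user, self.lookup_group = lookup_user, lookup_group
        self.pending = []  # (path, user, group) tuples awaiting a retry

    def apply_or_defer(self, path, user, group):
        """Chown now if both names resolve; otherwise record the failure."""
        uid, gid = self.lookup_user(user), self.lookup_group(group)
        if uid is None or gid is None:
            self.pending.append((path, user, group))
            return False
        # lchown semantics: do not follow a symlink that now sits at this path.
        os.chown(path, uid, gid, follow_symlinks=False)
        return True

    def retry_after_triggers(self):
        """Retry every recorded failure; return the entries still unresolved."""
        queued, self.pending = self.pending, []
        for entry in queued:
            self.apply_or_defer(*entry)
        return list(self.pending)


def demo():
    """Constructed run: 'svc' is unknown at extraction and created by a trigger."""
    users, groups = {}, {}  # stand-ins for the passwd and group files
    queue = DeferredChowns(users.get, groups.get)
    with tempfile.TemporaryDirectory() as root:
        path = os.path.join(root, "svc.conf")
        open(path, "w").close()
        applied_at_extract = queue.apply_or_defer(path, "svc", "svc")
        queue.apply_or_defer(path, "ghost", "svc")  # no trigger ever creates it
        # Simulated sysusers trigger; the current ids keep the demo unprivileged.
        users["svc"], groups["svc"] = os.geteuid(), os.getegid()
        unresolved = queue.retry_after_triggers()
        st = os.lstat(path)
        return applied_at_extract, unresolved, (st.st_uid, st.st_gid)


if __name__ == "__main__":
    print(demo())
```

Entries returned by `retry_after_triggers` are names that still do not exist after triggers ran, so the caller can report them instead of leaving the ownership silently unapplied.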