Although not as convenient, there is still a workaround.
Instead of cloning the entire system, you should instead:
- Install macOS to an external drive, using Apple’s installer. This will be a bootable (clean) system.
- Use your favorite cloning tool to clone only the data volume to that external drive.
The result should be a bootable system containing all of the user data (including accounts, preferences, apps, etc.).
The only files that belong to the sealed System volume are files that never change after system installation (since any change to any file there would require un-sealing it, re-certifying the contents, and then re-sealing it). The System volume only changes when a macOS system installer runs.
Any and all system configuration (including sharing) will be stored as a part of the Data volume, where “normal” security measures (file permissions, SIP, etc.) apply.
The only issue here is that when system updates are installed, the only way to apply them to your bootable backup is to boot it and run Software Update from there. But you don’t necessarily have to do this. Any of the following should work fine:
Never update the system volume on your backup. If your internal storage fails, you won’t be running from that backup. You’ll boot it and then use it to re-image your internal storage (assuming you could replace it) by installing macOS, then restoring the Data volume.
Occasionally update the system volume. When you think it appropriate (maybe by a calendar/schedule, maybe after a major OS release), boot the backup and run Software Update to bring its System volume up to date.
Only update the system volume when you need to start using it. If your internal storage fails, boot the backup and run System Update to bring its System volume up to date. Then use it as normal until you can replace the computer or its storage device.