So far the majority of enterprise customers deploy using Direct Install methods, and that's the way our consultants tend to do things.
There are improvements happening on the Docker side (mainly around Kubernetes) in the background, but without knowing more about the project in terms of size it can be hard to say if that would apply in the future.
But in terms of what you've put there there's a few flags. I won't go into all of the potential issues here (after all that's why we offer enterprise support and consulting), but in general I really wouldn't recommend unattended updates.
You never know when it's going to reboot the machine and take Mayan down. That could be for a few minutes, but if Mayan or Postgres don't survive that reboot then you can run into unnecessary downtime that can be avoided by having a maintenance window and patching the OS on a schedule. It's fine for a POC, but definitely not for production (and then of course the POC wouldn't match production).
Also, I wouldn't recommend keeping the database and document storage in the same directory. Separating out the DB from Mayan can help in terms of scaling. It also reduces risk if something bad were to happen. It doesn't allow for proper growth of Mayan over time we've seen that a few times before. Deploying things the "easy way" can cause problems further down the line, and that's before we get into potential issues with contention/IO.
You mention being able to submit PRs. Of course anyone is welcome to submit a PR! - That's the beauty of open source! But the project is under no obligation to accept them. For fixes like you suggest that's generally fine, but for larger ones that have an impact on users we won't accept anything that doesn't align with our strategic direction or causes a user impact to everyone else. Depending on the PR (if its larger or you're submitting frequent ones), you may have to sign the contributor agreement. For anything but minor fixes, you'll also have to ensure any code follows the development standards and rules
We're only able to provide some general guidance here though. Mayan EDMS offers a variety of different support plans, and also a plethora of consulting options as well. For something that's running in production at an organisation (especially something as important as Document Management or archival), it's always recommended to have support and someone to call if things go wrong. We can also provide more specific guidance on the proposed architecture based on the specific project, as depending on the number of documents and size of the userbase there's some issues with some of the items you posted. Always happy to have that discussion if desired