There is no value in this "attestation" for me as a user. I want to be able to do whatever I want with the browser (for example, remove ads or block access to canvas and webgl) and I want sites to be unable to know this. And probably this attestation will provide additional fingerprinting signals which is what I don't want.
In theory one could imagine a scenario like a bank website refusing to be accessed unless the entire OS & browser stack pass attestation - as that would rule out things like keyloggers, malicious browser extensions, and session hijacking.
In practice it'll just be used to lock down content and force unskippable ads on users, of course.
The important part is that "malicious" isn't up to you to decide anymore; if you have any "unapproved" software that acts in your interests and not others', this could theoretically be used to lock you out too.