There is no value in this "attestation" for me as a user. I want to be able to do whatever I want with the browser (for example, remove ads or block access to canvas and webgl) and I want sites to be unable to know this. And probably this attestation will provide additional fingerprinting signals which is what I don't want.
In theory one could imagine a scenario like a bank website refusing to be accessed unless the entire OS & browser stack pass attestation - as that would rule out things like keyloggers, malicious browser extensions, and session hijacking.
In practice it'll just be used to lock down content and force unskippable ads on users, of course.
Even that use case leads to bad outcomes. I already have to jump through hoops to get banking apps to run on my rooted phone. Banking websites refusing to run on anything but Chrome on Windows is a likely scenario here, and that's awful.