One use case for the requested feature could be if you give your phone to less tech savvy friends or family members and worry that they install something by mistake. For this you could create a user or guest profile with disabled app installation permission, which is the overall much cleaner and more secure option.
All in all the security model of AOSP and especially GOS is more advanced compared to a desktop OS. You can always check the list of all installed apps, and auto-updates are only working from the source you already confirmed the app installation.
hdishs is there a specific reason you'd like to add passwords to app installation or do you just worry about security in general?