studog A fixed unchangeable set of apps seems problematic in any circumstance, because this precludes the ability to receive security-related updates.
In the case of a $50 security camera, if the manufacturer isn't likely to issue a security update after a year, the effective security upgrade path would be replacing the device. But if the device is shipped with a path for installing additional code, that path might be abused, so it might be better to just not have such a path. For example, perhaps the manufacturer's update system requires ostensible upgrades to be signed, but the signing key is leaked (similar to Fairphone).
But the "Tivoization" argument isn't really about that. In the Tivo case, the device was locked down so that the company had a path for issuing upgrades but only the company could. In such a model, security upgrades from the company are not precluded. But this situation is viewed by some as intolerable, because some people want end users to be able to apply arbitrary updates to a device. This gave rise to GPLv3.
Overall, "locked down" doesn't have a single meaning. Some definitions of "locked down" are clearly incompatible with GPLv3, because GPLv3 was written expressly to conflict with those definitions of "locked down".
Meanwhile, there are multiple licenses that clearly do not conflict with any definition of "locked down".