That’s a tough call, Rewt0r… You could easily formulate two arguments.
(1) Syncthing ID should be associated with a machine, and not a user. This would be in line with the fact that the .pem files are not password protected / encrypted, etc. So the ID is unique to a particular IP. That means only one Syncthing instance can run per machine, and it runs for ALL users on that machine. Each user could access sharing for the other users on the same local machine.
(2) Syncthing ID should be associated with a ‘machine AND user’ … This makes more sense for non-personal machines… For example, a work computer, where there might be a day shift and a night shift, with two different people. In this case, you’d want Syncthing to be specific to your files (the day shift for example), and not accessible from other users.
I think #1 (install for all users on a ‘machine’ level) makes more sense overall. It also means minimal / zero changes to the code base, and thus less work involved. Plus, most people are not going to be running a file sharing app like Syncthing on a shared computer. But I’m sure there will be a sub-group of users that prefer option #2.