Plesk support has flagged this issue as a new bug:
"It was confirmed that no write operations are attempted at all by the Plesk auth driver, however since it is indeed unnecessary for the initial opening to be attempted with RW, this behavior is now considered a bug with ID #PPPM-14865. // The bug will be resolved in future versions of Plesk and you can track the progress on in the Change Log for Plesk Obsidian."
My plan is to keep the SELinux rules as is, and wait for the bug to be fixed.
Regarding high CPU usage caused by the constant execution of setroubleshootd, I was able to disable setroubleshootd by setting "active = no" in /etc/audit/plugins.d/sedispatch.conf, and then restarting auditd via:
%sudo systemctl kill auditd %sudo systemctl start auditd
Now SELinux logs the denials in /var/log/audit/audit.log, but SETroubleshoot daemon is not activated.
JC