Authpf(8) is a tool included in the FreeBSD base system - but not included in OPNsense - that can be used to configure dynamic network access based on successful SSH login for added security when using OPNsense as a bastion/jump host. Since authpf is part of the FreeBSD base it should work more-or-less frictionless with pf from CLI for advanced usecases (GUI controls could be developed but probably not worth the effort).
I suggest authpf to be included in OPNsense to be used if needed.
It looks like a viable plugin project since all you need is anchor registration into main pf ruleset which has been pluggable since forever.
Cheers,
Franco