Theoretically they can, in practice it’s less than ideal. And that doesn’t solve all the other distros or the combinatory explosion of supporting several distros and versions.
Flatpaks on the other hand give you a single runtime of your choice to worry about (though they still have lots of cons too).
TLS certs can have one level of wildcard (even let’s encrypt supports this), and creating subdomains programmatically is not exactly black magic - the main blocker from the technical side is that the code to update the DNS is usually not portable between providers, so it’s not adequate for a federated open source project.