I figured it was something like that.
For what it's worth, at least on my system (I'm running OpenSUSE Tumbleweed), it looks like mice are accessible only to UID=root or GID=input, so there's no risk at all there. The X Window System display manager has them open, not the user. I'd be mildly surprised if there are any Linux variants that allow unprivileged users direct access to mice. (Only "mildly," of course, because there are so many wacky variants.)
Why not *permit* access to everything but use your heuristic to limit automatic usage? In other words, if it's missing an absolute axis, then it still shows up in the drop-down list of devices that someone could configure, but it's assigned no functions by default. (And, perhaps, if you wanted, the GUI could warn something like "this device exists and we can read it, but we don't know if it should be used, so it's unassigned by default.")
Even better would be something to notice that permissions deny access to things in /dev/input/by-id/, so they can be reported in the GUI as "we know this is here, but the OS isn't letting you have access; see <insert-doc-reference> for details." That would have saved me -- and quite a few other people -- a lot of time when the CH Pro Pedals didn't work on first boot up.
By the way, thank you again for your clear and to-the-point response. You've earned another sale for XP11 ... as soon as I can get home and place the order.