Well, I got peer auth (the kind in which the Unix identity is used, so auth can be entirely key-based) working from my app to PostgreSQL but not between pgadmin and PostgreSQL. Had to give up and use a password for that one.
Now I can cautiously say my app can do stuff with the database, and I can inspect it in pgadmin4’s GUI. Configuration problems are way less satisfying than programming ones, but sometimes actually more important.
Also, I have become reacquainted with why Google can charge millions to big companies so that developers can just hit a button in some GCP web page to get all of this instantly.