Hey, just to pitch in my two cents. Our shop is running a very similar setup (Enterprise FinTech, MAU is around 100-200m across all sites), with Ubuntu and Rocky on k8s with all workstations running macOS and Windows since compliance policies are easy to apply to both. I can vouch for Ubuntu LTS given other options. Doesn't require a support contract, really solid security patch cycles and everything runs without issues.
Also unsure of using Linux as a workstation solution since at the time of setup, all the viable distros required you to either manually roll a compliance solution, or use their specific sometimes built-in solutions (see RHEL). That may have changed in the past few years though.
Yeah this along with Neoseeker have been my go-to for decades now