Sub-optimal R_MORELLO_JUMP_SLOT semantics
Currently, R_MORELLO_JUMP_SLOT is identical to R_AARCH64_JUMP_SLOT in terms of the initial in-memory value provided by the static linker, with the first 64 bits being the VA of the PLT header (and the remaining bits being 0 to pad to capability width).
Instead it should reuse the same fragment format as R_MORELLO_RELATIVE, allowing the static linker to request bounds and permissions from the run-time linker (currently we have to be extremely pessimistic) when lazy binding is enabled. This would also align naturally with R_AARCH64_JUMP_SLOT, which is treated the same as R_AARCH64_RELATIVE during the initial relocation pass.
This would be a backwards-compatible ABI change under certain limited circumstances. R_MORELLO_RELATIVE still has the 64-bit VA in the low bits, but despite being called the "address" in aaelf64-morello it's really the base, with the offset coming from r_addend, so if the layout is such that you'd need a non-zero offset then it would be mis-interpreted by a linker written for the old (completely undocumented) semantics.