I could not track down which guide was used in early 2018 when i migrated the data directory from /var/www/owncloud/data to /usr/new/nextcloud/data/directory, in my archived docs I only found https://docs.nextcloud.com/server/12/admin_manual/configuration_server/harden_server.html#place-data-directory-outside-of-the-web-root which says it’s recommended to store user data outside the web root. Possibly it was Is there a safe and reliable way to move data directory out of web root? but I don’t remember, it’s been a long time - and not really that important. Recommendations change over time, don’t they.
Anyway, using HowTo: Change / Move data directory after installation worked fine so far. Not as smooth as expected, but overall fine. @MichaIng is doing a really great job over there, thanks once again.
php8.4-fpm overrides have been reverted, everything back to standard regarding PHP-FPM hardening settings, no excludes anymore.