This is what I do - or rather I tell sudo that the user running Node-RED is allowed to issue the systemctl command without requiring a password. It is pretty secure for the most part if you only use that login for Node-RED, have a nice strong passcode and don't allow remote (SSH/VNC) logins for that user.
There is some residual risk from an attacker gaining access and then being able to swap accounts but it is pretty small if you follow standard secure setups which you should be doing anyway if you are allowing remote access to your device.
Slightly off this topic but just for completeness:
I now have one of my Pis set up with a flow that will turn on a secure NGROK channel via a Telegram bot. I can use NR remotely, then another Telegram bot command turns it off again so I don't need to leave it running. I configure NGROK to only allow HTTPS and I have a uid/pw set up as well. So you need to know the dynamically created URL and the uid and the password. I reckon that is plenty of security for something that will only be online typically for maybe an hour very occasionally.
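As an added example that is not part of the original post: a small check for the passwordless sudo rule described at the top of the post, which flags rules that grant all of systemctl instead of the exact subcommand and unit. The account name `nodered`, the unit `nodered.service`, the path `/usr/bin/systemctl` and the sample rules are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: classify sudoers rules that give a service account
# passwordless systemctl. Assumed names (not from the post): account "nodered",
# unit "nodered.service", binary /usr/bin/systemctl.

# Constructed sample rules, in the form used in /etc/sudoers.d/ drop-ins.
BROAD='nodered ALL=(root) NOPASSWD: /usr/bin/systemctl'
WILD='nodered ALL=(root) NOPASSWD: /usr/bin/systemctl * nodered.service'
SCOPED='nodered ALL=(root) NOPASSWD: /usr/bin/systemctl restart nodered.service, /usr/bin/systemctl status nodered.service'

# classify_rule LINE: prints "scoped", "broad", or "n/a" (no NOPASSWD systemctl).
classify_rule() {
    line=$1
    case $line in
        *NOPASSWD:*systemctl*) ;;
        *) echo "n/a"; return 0 ;;
    esac
    cmds=${line#*NOPASSWD:}      # comma-separated command list after the tag
    verdict=scoped
    old_ifs=$IFS
    set -f                       # keep "*" literal while splitting
    IFS=,
    for cmd in $cmds; do
        IFS=' '
        set -- $cmd              # $1 = binary, $2 = subcommand, $3 = unit
        case $1 in
            */systemctl)
                # No arguments in the rule means sudo accepts any arguments.
                [ "$#" -ge 3 ] || verdict=broad
                # Wildcards in arguments can match more than one word.
                case $cmd in *[*?]*) verdict=broad ;; esac
                ;;
        esac
    done
    IFS=$old_ifs
    set +f
    echo "$verdict"
}

# Print a verdict for each constructed sample rule.
for rule in "$BROAD" "$WILD" "$SCOPED"; do
    printf '%-7s %s\n' "$(classify_rule "$rule")" "$rule"
done
```

A drop-in file can be syntax-checked with `visudo -c -f <file>` before it is installed.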