netinstall should only be needed on very rare occasions.
Certainly, but when you need it, you need it bad. Having it fail on you in your time of trouble is super-frustrating. The last time I had to resort to it, it required two hours of futzing about, including driving an hour round-trip to fetch a spare Windows box to dedicate to the matter. Bleah.
Adding netinstall servers all over the place is like an admission or promotional advertisement from MikroTik that it should be an everyday used function.
I suggested putting it under Tools in Winbox. There's not a single thing under there I use every day. It's the OS's junk drawer: where you go for the rare thing you almost never need, but which needs to be there when you need it.
this could probably be implemented as a container add-on, right?
A container would get you part of the way, but by their nature, they can't reach out and change how the host OS does things. (If they could, they wouldn't "contain" things very well, would they?) I'm thinking of temporary dynamic routing table updates to ensure that the 192.168.88.x temporary IP traffic gets back to NetInstall, for instance.
limited nand resources
The current Linux netinstall binary is 48 MiB, unpacked, and it's a statically-linked executable. If it shared the rest of the OS's dynamic libraries, it'd be smaller. Maybe even a lot smaller.
Still, I don't oppose making it a package. There's not much point in pressing every little mAP they sell into service as a potential NetInstall server. It's more of a core function, implying a bigger box.
That said, dedicating a cheap RouterOS box to NetInstall makes more sense than dedicating a spare Windows box to it, as the current long list of configuration instructions encourages. Who wants to do all of that even once, much less undo it to get one's main machine back in action, only to do it again later the next time you need NetInstall? If it's that or spend $40 on a hEX Lite that does nothing else, I'm sure there are those that would happily do that.
remote netinstall...arrange someone to press a reset button
That sounds like a security nightmare. How would you prevent randos from uploading firmware of their choice? There's a good reason for the current reset button dance.
Your idea of automatic BOOTP when it detects a boot loop or similar is a tentative "maybe" in my book. I worry that it'd be too easy to force it into that state remotely, such as through a weak configuration, as we see with all this botnet takeover stuff. Replacing the firmware should most definitely be under strict control.