Linux requires root for raw sockets, which _can_ be used to send pings, but also numerous other things.

The trick used here only allows pings. This trick is gated behind other ACLs.

It doesn't.

For users in the UID range in sysctl `net.ipv4.ping_group_range` the normal ping command uses this non-root way.

Sure, maybe your system still sets suid root on your ping binary, or shows it adding `cap_net_raw` according to `getcap`, but mine does not.