My idea is to have a different PIN for each user. This would allow logging of which user disarmed the alarm.
In my vision, this could be a field in the User Profile of HASS allowing each user to change their PIN whenever they want. Then in the config for
google_assistant, instead of a single
secure_devices_pin have a
secure_devices_user list. When a secure device requests a PIN, check the allowed users for that PIN and respond appropriately.