One thing to note is it can be a bit tricky to get first party xbox one/series controllers to work wirelessly via bluetooth. Aside from that, xbox controllers work great. I don’t have any PS controllers, so I can’t personally speak to those, but they should work perfectly fine as well.

policy control

It’s not exactly the same, but you could use puppet to enforce configuration

Software Center with software allow lists

You can setup a custom repository with only approved software and then set that as the only one that the system is configured to retrieve packages from. This can also be controlled via puppet.

controlled OS updates

Same as the previous point. Upgrades are installed from the repos.

zscaler

I don’t know what that is/does, and their website isn’t helping.

software detection tool to detect what’s been installed and determine if any unallowed software is present

I’m pretty sure carbon black app control has a linux version.

antivirus

There are a number of different antivirus solutions for linux. A quick search will give you a bunch of lists. I’m not personally familiar with any of the options, but I don’t imagine it will be difficult to find one that will work for your use case.