It should be common practise to run your every day computer life from a "normal", non-privileged user account. This way, automating UAC confirmations are impossible, given that alternative credentials have to be entered for the UAC to be authorized. Yet, you'll find that many people do not do this.
If the current user isn't an admin, they can't just click through UAC.
If they are an admin, they could just do this manually.
Either way, no privilege escalation, which "rooting" typically implies.
Sure, you could make a USB stick that automates any user input, but you could just make the same inputs yourself with the keyboard and mouse already at the machine. What kind of situation does this actually benefit you in?
This is a well-known mode of attack and some anti-virus software have protections against it: https://www.kaspersky.com/blog/weaponized-usb-devices/26495/
Even better, why not find people with a wireless mouse/kbd dongle plugged into their computer, then send radio signals mimicking their mouse/kbd to do the same thing? That way you don't even need to touch their computer or bypass the check on whether the USB device is preauthorized.
The reason you can't is because many newer wireless devices have encryption, but how many people know or care when they buy one?
I spent a not insignificant amount of time looking into this, but for the purpose of making a game AI, not for hacking other people's computers.
What stops this on Mac?
Nothing, really.
Here's something very similar to what you're thinking of.[0] There's a low cost alternative if you'd like to experiment.[1]
[0] https://shop.hak5.org/products/usb-rubber-ducky-deluxe
[1] https://sequr.be/blog/2021/02/attiny85-rubber-ducky/