I think you are looking for OVERALL what are best things to set as far as these settings?
and along with that, what it the BEST way to enforce them?
I agree that setting this at INSTALL time is optimal.. but you can always have something fall thru the cracks (someone uses the WRONG clientsettings.cfg.. they don't use any clientsettings.cfg .. etc). So if those are your goals, then first is to understand what each setting does. Then determine what people consider BEST practice, good example ( https://forum.bigfix.com/t/patching-practices/15045 ) by @jgstew and others if you read the post.
After this, you do want to put them clientsettings.cfg during your roll out. I have NOT seen the on the Mac where it does not pick these up, but could happen. So for various reasons you might want to ENFORCE your settings by creating a Fixlet that runs as a policy (not ending) to CHECK the settings on each endpoint, and adjust if not what you want.
Below is a simple example to start with (you can of course check ALL your settings, and update the missing ones)
Note that was just checking for a single thing, but we could add checks for all the settings we wish to enforce. My point here is that you WILL have one-offs during the install process, so why not enforce your BEST practices with a policy.