There is a NIP that specifies key delegation: publishing a note that gives a certain client app permission to sign notes for you. That permission can then be revoked at any time in case the app is compromised.
Regarding the storage and usage of the private key:
Hardware wallet that signs events and delegations > Native contained apps where private key is hot > browser extension that contains private key and signs events > pasting private key on webapp
There is NIP
For reference: NIP-26, proposed and used by minds.com
Hardware wallet that signs events and delegations
Standard HW, as we know them today, are ok only to sign a delegation, because it is hard to use them with the high interaction frequency typical of Nostr. Someone is doing some tests with the SeedSigner.
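An added example, not part of the thread or of any project's code: how a client or relay could check that an event signed by a delegated app key stays inside the conditions of its NIP-26 delegation tag. It assumes the tag layout `["delegation", delegator pubkey, conditions, token]`, treats several `kind=` clauses as alternatives, adds a local `require_expiry` policy that is not part of the NIP, and leaves Schnorr verification of the token to a signature library.

```python
import hashlib

def delegation_digest(delegatee_pubkey, conditions):
    # NIP-26 delegation string; the token is the delegator's Schnorr
    # signature over the SHA-256 of this string.
    s = f"nostr:delegation:{delegatee_pubkey}:{conditions}"
    return hashlib.sha256(s.encode()).digest()

def parse_conditions(conditions):
    kinds, after, before = set(), None, None
    for clause in conditions.split("&"):
        if clause.startswith("kind="):
            kinds.add(int(clause[5:]))  # assumption: several kind= clauses are alternatives
        elif clause.startswith("created_at>"):
            v = int(clause[11:])
            after = v if after is None else max(after, v)   # keep the tightest bound
        elif clause.startswith("created_at<"):
            v = int(clause[11:])
            before = v if before is None else min(before, v)
        else:
            raise ValueError(f"unknown condition {clause!r}")
    return kinds, after, before

def check_delegated_event(event, require_expiry=True):
    """Return (problems, digest). An empty list means the conditions hold;
    the token must still be Schnorr-verified against digest."""
    tags = [t for t in event["tags"] if t and t[0] == "delegation"]
    if len(tags) != 1 or len(tags[0]) != 4:
        return ["expected exactly one 4-element delegation tag"], None
    conditions = tags[0][2]
    try:
        kinds, after, before = parse_conditions(conditions)
    except ValueError as e:
        return [f"bad conditions: {e}"], None
    problems = []
    if kinds and event["kind"] not in kinds:
        problems.append("kind not delegated")
    if after is not None and event["created_at"] <= after:
        problems.append("created before delegation window")
    if before is not None and event["created_at"] >= before:
        problems.append("created after delegation window")
    if require_expiry and before is None:  # local policy, not required by NIP-26
        problems.append("delegation has no created_at< bound")
    return problems, delegation_digest(event["pubkey"], conditions)

# Constructed sample values, not real keys or signatures.
SAMPLE = {"pubkey": "b" * 64, "kind": 1, "created_at": 1675000000,
          "tags": [["delegation", "a" * 64,
                    "kind=1&created_at>1674777689&created_at<1675721813", "0" * 128]]}
```

The delegatee key in the digest is the event's own `pubkey`, so a token issued for one app key cannot be reused under another.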