Answering my own question... I found this page with instructions for disabling 2 factor authentications (though I shall put it back on later, no doubt, after setting up outbound email). One of the pages, or a  prompt I had previously seen stated flat out that TFA could not be disabled in 2.4. So I guess I ought not to believe everything I read.

One more addition to this thread... upon entry to the admin gui, after having disabled the two factor authentication entirely, most of the controls in the admin gui are disabled... in all scopes. Now, that may be due to the note that I referenced previously (from the 2.4 release note):

Two-factor authentication (2FA) is now required for the Magento Admin. Admin users must first configure their 2FA before logging into the Admin through either the UI or a web API. 2FA is enabled by default and cannot be disabled.

If indeed it is the case that these controls are disabled if 2FA has been globally disabled, that needs to be documented. The note about logging into the UI to set up 2FA is also an impossible task for a new install without having previously used the command line. And my note above regarding setting up the mail server (which is currently a set of disabled controls) still stands. Although I set up sendmail on the server, and am able to send a mail from bash, Magento cannot use it.

I've often thought of myself as a paranoid network administrator, and set any security related items to a very high enough extent that my users sometimes complain; but I don't set security to the point where I lock myself out.

Not sure how I shall proceed. I'm thinking of wiping 2.4, installing 2.3, get email and security set up the way I want, and then upgrading. But if anyone has any suggestions, I'd love to hear them.