I find BIP322 generally bad because it is focusing too much on how it can use the Bitcoin Core code-base instead of coming up with an algorithm to sign messages in general. In fact, I believe that is why it is using a field called "witness" in a message signature where it is not needed at all.
This may be the reason why it was not adopted even though it is ~2 years old.
"Derive the private key privkey for the scriptPubKey". I just don't know how this is possible; it should be impossible to derive a private key from a scriptPubKey of a multisig, for example.
It is either talking about "fetching" the private key for that script from the wallet or it is referring to the "ephemeral elliptic curve key pair" usually referred to as "k" for the signing process.