Allowing the user to contribute entropy to the private key generation creates a weakness if they can gain information about what they contributed.
That's exactly why I asked! Randomness should be system-provided, and then what the user should be responsible for deciding is the amount of security they will provide upon this randomness using a strong encryption password.
You don't want to give the user any control of the address, so private key generation must be completely out of their hands. I don't understand the point of giving the user the ability to determine the level of your security.
Maybe 2-of-3 multisig is the approach you are looking for. You have 2 keys so you have complete control, and the user has 1 key so they can spend with your approval.