
I am running WordPress on Rocky Linux 9 and need optipng for some image transformation tasks, but it is being blocked:

SELinux is preventing /usr/sbin/php-fpm from execute access on the file optipng.

*****  Plugin catchall_boolean (89.3 confidence) suggests   ******************

If you want to allow httpd to unified
Then you must tell SELinux about this by enabling the 'httpd_unified' boolean.

Do
setsebool -P httpd_unified 1

*****  Plugin catchall (11.6 confidence) suggests   **************************

If you believe that php-fpm should be allowed execute access on the optipng file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'php-fpm' --raw | audit2allow -M my-phpfpm
# semodule -X 300 -i my-phpfpm.pp

Correct me if I am wrong, but I want to avoid doing something like setsebool -P httpd_unified 1 because my understanding is that it will grant pretty broad permissions and will let php-fpm execute any file labeled with httpd_sys_rw_content_t.

Also, when I run ausearch -c 'php-fpm' --raw | audit2allow -M my-phpfpm it creates a policy that would have the same broad effect:

module my-phpfpm 1.0;

require {
        type httpd_sys_rw_content_t;
        type httpd_t;
        class file execute;
}

#============= httpd_t ==============

#!!!! This avc can be allowed using the boolean 'httpd_unified'
allow httpd_t httpd_sys_rw_content_t:file execute;

This brings me to my question: how can I safely and securely let php-fpm execute /usr/bin/optipng?

Maybe the best way is to just do setsebool -P httpd_unified 1, or maybe I need to create a new type for optipng, like semanage fcontext -a -t my_optipng_exec_t '/usr/bin/optipng' and allow php-fpm to execute that specific type with a custom policy. I tried this but I can't get it to work.

Please let me know your suggestions.

Thank you.

  • Can you please add ls -laZ /usr/bin/optipng to your question? And the same for the related lines if you run tail -f -n 5 /var/log/audit/audit.log | grep avc and then run your code again? Commented Jun 24 at 10:06
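The narrower approach the question sketches (a dedicated type for the binary plus a policy that lets only httpd_t execute that type) as a worked example. This is an added example, not code from the post or from the WordPress/SELinux projects. It reuses the type name my_optipng_exec_t and the path /usr/bin/optipng from the question, assumes the module name my_optipng, and assumes selinux-policy-devel, policycoreutils-python-utils and (for the optional check) setools-console are installed. The rule is can_exec, so optipng still runs inside httpd_t with all of httpd_t's confinement; nothing else labelled httpd_sys_rw_content_t becomes executable, which is the difference from httpd_unified and from the audit2allow output above. One caveat worth noting from the AVC shown in the question: the blocked file carries httpd_sys_rw_content_t, so check with ls -Z where that optipng actually lives before relabelling, since a binary sitting in a web-writable directory is a code-execution path whatever its label.

```shell
#!/bin/sh
# Added example (not from the original post): build and install a minimal
# SELinux policy module that defines my_optipng_exec_t and lets httpd_t
# (the php-fpm domain) execute files of that type, then label the binary.
set -eu

MODULE=my_optipng            # assumption: module name chosen for this example
BINARY=/usr/bin/optipng      # path taken from the question

# Write the type-enforcement source. Only the dedicated type is made
# executable for httpd_t; httpd_sys_rw_content_t is not touched.
write_te() {
    cat > "$1" <<'EOF'
policy_module(my_optipng, 1.0)

require {
    type httpd_t;
}

# Dedicated file type that will be applied to the optipng binary only.
type my_optipng_exec_t;
files_type(my_optipng_exec_t)

# Let php-fpm (httpd_t) execute that type. can_exec grants execute without a
# domain transition, so optipng keeps running confined as httpd_t.
can_exec(httpd_t, my_optipng_exec_t)
EOF
}

# Compile with the stock devel Makefile, load the module, and make the
# label persistent across restorecon via a semanage fcontext rule.
build_and_install() {
    workdir=$(mktemp -d)
    write_te "$workdir/$MODULE.te"
    ( cd "$workdir" && make -f /usr/share/selinux/devel/Makefile "$MODULE.pp" )
    semodule -i "$workdir/$MODULE.pp"
    semanage fcontext -a -t my_optipng_exec_t "$BINARY"
    restorecon -v "$BINARY"
}

# Confirm the label landed and that the loaded policy contains exactly the
# narrow rule we expect (sesearch comes from setools-console).
verify() {
    ls -Z "$BINARY"
    sesearch -A -s httpd_t -t my_optipng_exec_t -c file -p execute
}

if [ "${1:-}" = "install" ]; then
    build_and_install
    verify
fi
```

Run it as root with `sh my_optipng.sh install`; without the argument it only defines the functions. If php-fpm still logs an AVC afterwards, re-run ausearch -c 'php-fpm' --raw | audit2allow and read the generated rule before loading it, so that any further permission is added for my_optipng_exec_t rather than for the whole httpd_sys_rw_content_t type.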
