Let me take this in hand part by part.
Why an end-user that buys an Android machine cannot have, or is not allowed
to have, full access to it (aka root access), except through
unsupported and dangerous hacks that grant root permission.
Plenty of reasons:
That way, the manufacturer makes sure that you cannot harm your phone's software in a way that is beyond saving.
Much of the bloatware you see on your phone is there for commercial purposes. If a manufacturer literally lets you take down the app they get paid to place there, they won't get paid for it again.
Even most people who intentionally root their phone don't know what they are doing, and what the root user is capable of. Giving that kind of permission to an average user is dangerous.
Manufacturers want to restrict the power of your phone so that they can sell you a better phone in the future.
The list goes on.
An Android phone is a Linux machine after all, so what is going on?!
Linux also has the same security methods, except that the root user is available to the user. However, we have to accept that a smartphone and a computer are for two different purposes, even though they are fundamentally the same.
I've read that people seem to say there is a malware risk, but isn't the
risk just as high on a normal PC?
No, just no. A normal PC is so much more open to malware attacks. Rooted malware can literally hard-brick your phone for good. Even though there are some exploits that malware can take advantage of to gain root, new security features like SELinux make it harder for it. So comparing a PC and Android in terms of security is a flawed way of thinking.