When deciding which MCU to use as the core of this Gateway, there were a couple of things to consider...

• Lots of RAM/Flash for TLS: TLS libraries need lots of RAM and Flash to establish a connection. This narrows down your possibilities to some expensive MCUs because generally speaking the MCUs with lots of RAM and Flash are also the ones with lots of (maybe unneeded) peripherals.
  The Raspberry Pico comes with 2MB of Flash and 256KB of RAM which is more than enough to use any modern TLS cipher. It even has 2 Cortex M0+ cores which give it a good price/performance ratio.
  The overall price could further be reduced by using a smaller Flash chip (it is external to the RP2040) and by replacing the Buck regulator (RT6150B-33GQW) by a cheaper version.
• Fast TLS: When you look for benchmarks in the internet to see common connection speeds (1-30 seconds), you could stumble upon this e.g. https://forums.mbed.com/t/slow-handshake-for-mbed-tls/5648/6 - 1.2 seconds on an STM32F4 @ 144 MHz for a TLS connection using ECDHE/ECDSA. So even using a high performance Cortex-M4 MCU does not get you below 1.2 seconds.
  Canique Pico Gateway does get below that number (screenshot in the gallery) using an RP2040. Clock speed is crucial here.

Initial Requirements:

The minimum required Flash should be 200KB (100KB was expected solely for the TLS library). Currently the image has a size of 251KB.

The minimum required RAM should be 40K. Currently the TLS layer alone uses a static 50K of RAM.

Hardware encryption and/or a hardware RNG would be a plus (unfortunately RP2040 does not have either).

Still the price/performance of the Raspberry Pico was so good and the availability much better than the rivals (like STM32G0B0CE or STM32G0C1KC), that I opted for the Pico.