To be honest my intermediate solution looks like this:
I do understand the idea of settings a non secure IRQ as pending, but for what I am doing it seems to be a lot of effort without any benefit. I have more than one security related drivers on the secure side and expected them to unblock tasks via callbacks. Those callbacks can change depending on the piece of code currently using the peripheral. With the NS_IRQ solution I would need to implement all of their IRQs also on the unsecure side and I would need to invent a way how I can get the info about the callbacks address (yet alone arguments for that callback) to those IRQs though the Trustzone.