So my understanding is that debugbar loads all information on every page load, even when the debugbar is hidden. This is a huge performance hit. Also if you turn it on, from what I can see, briefly looking at your code everyone who visits while you have it turned on can see it. HUGE security hole.
I'm not sure you can reliably use this in a production env without taking a huge performance hit because of the loading process. Sure you could do a middleware to turn it off and on but it's not truly turning it off and on. Could also add to the middleware so that someone with an admin role is the only one that can see it if you do have it active.
I already went down this road and did the middleware and wrote my own switch to enable/disable. You still can't get away from the performance hit. Did you solve this? Barry was working on a solution to this last year or maybe 2 years ago but I've not seen any updates on progress.
In project README I only sugges include Provider and Facade, and build a custom middleware for enable. By default my package Provider load Debugbar disabled, at least you set debugbar.enabled config to true or null (in this second case the provider check app.debug config)