Companies can bake the cost of one or two maintenance releases and maybe one or two years of security releases into the purchase price. I agree it's not reasonable to expect lifetime updates from a one-time purchase. As long as you're not doing heavy development on these maintenance releases, the company's cost should be very small.
As a user-developer, I'd also be happy with being provided the source (or un-linked object files, or the equivalent for whatever language being used) after the maintenance period was over, so I could continue applying dependency security patches myself.
Depends on whether the bugs are because of preexisting flaws or because the underlying platform has shifted. No one can predict the future, and even OS vendors who once took backward compatibility seriously may not in the future.
The design of MOST non-trivial products is refined over time with no expectation that older versions will be upgraded to the latest and greatest. Yes, material esp. safety defects can lead to recalls but this is relatively rare in the physical world.
