A simple approach is to use the bytes of the user’s principal ID itself as the derivation path.
Each user has a different principal ID, so the derivation paths will be different. Moreover, the derivation path doesn’t change if the user keeps using the same principal ID.
The ecdsa_public_key function returns a valid public key, which can be converted into a Bitcoin address, for any derivation path in the form of a byte array. So you don’t need to worry about any formatting of the derivation path.
With respect to the mapping to a canister-controlled (ledger) address, you can use the user’s principal ID as the subaccount to derive a ledger address.