The camera's /dev/video file is kept open (without streaming), sadly causing the camera to be powered on what looks to be most devices. For some reason, this completely nullifies the soc power management on modern laptops and can result in increases from 3W to 8W at idle!
On Intel laptops it's a bit easier to debug because you can see the Cstates in powertop not going low but it also wrecks AMD ones. Some laptops can reach lower cstates, but the camera module wastes a few W anyway.
I can't believe this shipped in Ubuntu, Fedora etc without anyone noticing, and for so long. This bug is quite literally wasting GWh of power and destroys the user experience of distros in laptops.
If you have a laptop with a switch that detaches the camera from the usb bus you are probably out of the water, just plug it when you use it and the problem is sidestepped. Removing uvcvideo and modprobing it on demand can also work. Disabling the camera in Lenovo's UEFI is what I did for a year until I finally found the issue on the tracker. Some laptops also seem to not be affected, but for me it happens to every machine I've tested.
Thanks to this comment for another workaround that tells wireplumber to ignore cameras. ~/.config/wireplumber/wireplumber.conf.d/10-disable-camera.conf
Software that only captures cameras using pipewire is rare and this hasn't given me any problem. This should probably be shipped by distros while the problem is sorted out.
Note that most laptops will have other problems stopping them from reaching deep cstates, borked pcie sd card readers, ancient ethernet nics that don't support pcie sleep properly, outdated nvme firwmare... those are separate issues that most of the time can also be tackled with some dose of tlp, but it's all for nothing if the usb camera is keeping the soc awake!
From gathering info on their issue tracker, the act of opening the video file but not grab frames is some weird usecase that is acting in weird ways. Additionally, the indicator light is turned on by the uvcvideo driver in a lot of hardware (yes, an attacker can theoretically watch you without you noticing). A possible fix for this is would be in the kernel itself, which should basically ignore the fd being open and only truly act when frames are grabbed.