Does this always represent the pubkey or pubkeyhash of the address of an output? Is there a way to do a comparison against a “friendly” address, as in “addr1…”?
Not always, because it could represent the hash of a validator if the output is to a script instead of to a public key hash. It may or may not also contain a stake credential.
To compare it to a human-readable address, you could serialize it to Bech32 with the proper prefix and compare the strings. Alternatively, you could deserialize the friendly address and then compare. It would be tedious to do that in Plutus on-chain code.
Thanks for another great reply @bwbush ! As I suspected, I will need to skin my cat another way