If wsrep_certify_nonPK is enabled, then Galera will certify transactions for InnoDB tables with no primary key. wsrep_certify_nonPK is enabled by default, so this is actually the default behavior:
With Galera, it is not necessarily safe to define tables that have no primary key. Perhaps if wsrep_certify_nonPK is enabled and if log_warnings is set to >=2, then MariaDB should write a warning to the error log if it certifies a transactions for an InnoDB table that has no primary key. e.g. maybe it could look like this:
[Warning] wsrep_certify_nonPK is enabled, so Galera certified transaction for table db1.tab, which has no primary key. For optimal performance and consistency, it is recommended to define a primary key for all tables that Galera writes to.
If we add a warning like this, then we should probably limit the number of times that it gets printed, so that it doesn't flood the log.