I don’t think you want to use the parent child relationship for this. A single Temporal workflow instance cannot support 500k simultaneous children.
So you have to start all the children as independent workflows. Each of this workflows would signal a “semphore workflow” to get permission to run. Upon receiving a response signal with permission the rest of the job is executed.
The semaphore workflow would receive the signals with requests and grant permissions with reply signals. As the state is too large to keep inside the workflow it would need an external DB to store statistics and the request queue using an activity. Then use another activity to decide which job should be granted permission based on the db data.