Solution 1:

Rather than use the catch all (/{document=**}) and then filter, just filter at the match statement instead:

rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    match /root/db {                <-- change it here
      allow read, write: if true;
    }
  }
}

While this works, you should further restrict the rules to limit the shape of this document. If your database is all based on a single document, consider the RTDB instead as it provides finer grain controls over the data in the database.