Are there any techniques for achieving secure shooting mechanics for multiplayer from a coding perspective (i.e. not from anti-cheat tools scanning memory etc.).
For movement there are well known techniquese like client replay (e.g. as in the character movement component) that if implemented properly prevent stuff like speed hacking, going through walls and so on. This works because the directional input of the client doesn’t hold a lot of potential for cheating. If I modify my executable to move my character left when I press right that could theoretically be considered cheating but it doesn’t give me much of an advantage in the game. However, in multiplayer shooters the input control rotation holds a lot of potential for cheating… The server also needs my control rotation to know where I am shooting/looking so the control rotation has to be sent. The server can prevent some cheats by retracing the shot and check whether I actually hit somebody (server-side hit detection) or can check whether the shot was blocked by something so I can’t shot through walls etc. But if I inject code so that for example my control rotation always points in the direction of the nearest pawn’s head (which is very easy to do) the server has no way of knowing whether I cheat or not because that is actually a valid input. I don’t see any way to prevent cheating in that scenario. Am I missing something here? Is that the reason why games like Valorant use such an intrusive anti-cheat program, because there is no way to make shooters safe through careful coding?
Valve, Blizzard, and Activision cannot stop cheating even with $ billions worth of resources and armies of programmers. You have no chance. I’d worry about your game getting popular enough that anyone would want to cheat first. 
Making all player actions 100% server-side makes it only “somewhat” cheat-proof. Data required for rendering still allows aimbots and wallhacks.
Even if you went so far as: (1) client only sends inputs, (2) server renders what the client sees and only sends an image (basically Google Stadia) image-based cheats are still possible and so is automation …
Sure, you cannot stop cheating, the best you can do is make it harder to cheat. Making “image-based” cheats as you call them is non-trivial and not anyone could just do that. Adjusting the control rotation takes just a few lines of code. This is different and is specifically a problem of shooter games or any game where you can gain an advantage by aiming well, which seems to make them unsafe at a far more basic level than other games.
There is no Hack-proof way to make an online game unless you 100% control all the hardware and software (such as a tournament). And even then you have to watch and make sure no one is sneaking software on the PC’s, etc.
Arguably if the consequences for cheating out weigh the benefits (lifetime bans, removal from tournaments/prize pools, etc) - then it helps some way, but even still - some people just like to cheat for whatever reason.
Fortnite has 2 (or 3?) expensive anti-cheat solutions yet for $11 bucks people still can cheat on the game.
If the game is Free + popular, it’s a cheat fest.
That may be the case but you can still increase security so that not just anybody who can download cheat engine can cheat in your game. I don’t know about Fortnite but if you have to pay for those cheats they were probably developed by professionals. Companies don’t write thousands of lines of net code if it didn’t pay off in some way. The character movement component could literally be just half as big if Epic just let the client send all the data without security checks. They don’t do that just for the heck of it.