Thanks for the thoughtful reply!
I believe the current setup can be generalized to achieve what you have in mind, by enabling more sophisticated ZK proofs to be used with the protocol.
Imagine that you can can create a taproot address that commits to a zk-verifier, and have the co-signers control this address. When spending from this address, you can prove to the co-signers that the spend is valid according to the committed policy (for instance emulating a covenant).
You can choose whatever proof system you want for this (even a TEE), as the commitment uniquely identifies it.
If the co-signers have a well-known public key, I think building some sort of reputation will be important. When you can combine multiple highly reputable co-signers (without the co-signers knowing about each other!) you can achieve very robust quorums.