It’s probably not as hard as you think:
The federal government cannot say for sure how much of the more than $900 billion in pandemic-related unemployment relief has been stolen, but credible estimates range from $87 billion to $400 billion — at least half of which went to foreign criminals, law enforcement officials say…
“Organized crime has never had an opportunity where any American’s identity could be converted into $20,000, and it became their Super Bowl.”
I have only napkin sketched this so not 100% sure, but I think the govt could use a connector output to prevent spending on the path with the compromised key, forcing transactions to go through a secondary path with a backup key that the govt keeps offline until it is needed for a situation like this. The govt can prepare an arbitrarily large number of such paths in the emulated covenant tapscript. In the mean time, the attacker still needs to compromise the end user key in addition to the cosigner key, so as soon as compromise is detected the govt can alert users to roll their funds over into a new covenant with new cosigner keys.
In any case I do agree that with new opcodes the system becomes easier to manage. My argument is, despite that, the limitations that exist today seem unlikely to be critical impediments for tyrants (and there are credible alternatives if the cosigning method does prove to be too cumbersome).