Seems to me a limitation in the signaling mechanism more than anything else. It can be solved by changing the activation mechanism to require more obvious signaling than flipping bits that are often flipped for grinding in PoW (I hear).
Wouldn’t an explicit signaling of BIP number + OP_SUCCESS code make it suddenly clear to oblivious miners that there is increasing signaling for limiting an OP_SUCCESS behavior? In which case miners (or their software) can choose to not mine any transaction using that opcode, and favor building on top of blocks that don’t have it.
Again, signaling seems to be the solution here; a commitment to an exact release / implementation / commit prefix can be sufficient.
If signaling is explicit enough, they are free to choose whether or not to risk it.
In the absence of explicit signaling, I imagine miners already try to avoid OP_SUCCESS altogether for the reasons you explained, and probably would favor building on top of blocks that don’t include OP_SUCCESS.
I am just saying this is not that concerning, and even if it was, the solution isn’t “calling it out”; the solution is miners doing what they need to do for their own sake, and maybe we should do a better job at signaling soft-forks unambiguously.
I would very much like to see a soft-fork before I die :’D… All jokes aside, I am mostly ignorant, but maybe my suggestion about a clearer signaling method is the way to achieve those safer upgrade hooks.
Because, as it stands, miners are totally checked out, signaling absolutely nothing. Maybe you think that is because nothing is worth signaling for (in which case why do you care for upgrade hooks?), or maybe there is something else that needs fixing about the process.