Your post made me contemplate how other entities want to be able to attest themselves (in your case the government wants to be able to verify the identity of its citizens). Moral and legal arguments aside, the way they are going about it is a bit sloppy in that they are banking their sovereignty on a third party instead of taking the reins themselves.
Instead of mandating google/apple signed applications, they could instead implement some specification for a secure enclave (or whatever fits their needs - I doubt they need control over the entire OS meaning there is plenty of space for pushback for people that want to retain their rights and freedoms for their devices). If you add some sort of certification based on an open standard that would allow any manufacturer interested in the market to be verified that the "attestation" for specific apps or secrets works, then it would no longer enshrine the current winners (apple/google) and instead allow for a healthier market.
This would only be a good thing because it places power with the government and not a third party (something surely the government would prefer), and allows things to be more in the open.
And in an ideal world the specific locked down portion would not need to be active or interfere with the rest of the operating system to some extent, so people would not be reliant on the manufacturers for their applications and would have the freedom of installing whatever they want and using the rest of their device however they wish.
I strongly agree, this is very possible and would be what a competent government should do. It would also ensure that they had a fallback that was guaranteed to work if a certain authoritarian ruler decided to suddenly use our reliance on Google and Apple for critical infrastructure as a weapon to put pressure on us, say if he wanted control of a piece of land.
It would also open up for some interesting and innovative competition in personal hardware security devices.