Directories to Hash for Integrity Attestation/Verification?

TL;DR: Heads recently released a version a few months ago that allows for attestation of directories in the OS for tamper evidence. I think this to be an incredibly germane feature for Qubes, acting like AIDE for dom0.

While access to dom0 would likely be a be-all-end-all compromise, it is also feasible to imagine malicious actors whose actions could be thwarted, or at least mitigated, by this feature. At the very least, it would mean that verifying the integrity of dom0 at boot would prevent compromise from persisting. I think that identifying directories that shouldn’t change under Qubes without user knowledge and consent would be a great thing to accomplish this reasonably.

That being said, what directories and subdirectories would be good candidates?