My uninformed opinion:
Having dom0 available in a repository seems to go against the idea that dom0 is sacred and should be subject to as few attack vectors as possible before installation.
Given the limitations of the distribution infrastructure, it should only be installed via a signed and (triple) verified ISO–preferably burned on a disc.
If your dom0 gets compromised it would make much more sense to wipe your drive and re-install your OS. The more paranoid might even want to abandon that machine for fear of firmware tampering (which I think someone who can get to dom0 is capable and likely willing to use).