interesting but threat model unclear. If the attacker can force you to
enter one password after suspend, why would he not force you to enter
LUKS and user password 5 minutes later?
There are a lot of more attack vectors when system is booted and only
protected by xscreensaver.
The attacker can use some hardware backdoors, xscreensaver
bugs/backdoors/kill it to receive access: dump your memory on hardware
level, receive access to memory from vulnerable hardware, guess screensaver
If the system will automatically shutdown then there is only one attack
vector: LUKS password
There's no disagreement that shut down is more secure than suspended, but the devil is in the details. How exactly is it supposed to work?
1. Attacker forces you to wake up computer (e.g., open laptop lid).
2. Attacker forces you to enter password.
3. You enter incorrect password?
4. Attacker tells you to enter correct password this time?
5. Qubes shuts down because it's been too long?
Why not just have an alternate passphrase that, when entered, shuts down the PC (or, as you suggest, wipes the LUKS header)? Why a timer?
Perhaps the alternate passphrase, when entered, also sends out an SOS message?