There is no way to deliver anything to dom0 in a secure and simple way.
You can use qvm-run as described in the documentation to copy files from a trusted domain.
This will get old if done often. A tricky, but very convenient solution would be to create your own yum repository. This will both allow you to use existing package management mechanisms and improve security using gpgcheck.