An example of a cooperative covert channel in Qubes would be abusing the CPU cache to exfiltrate data from an offline VM via a network-connected VM (e.g., sys-net). This is different from the scenarios you describe, though the scenarios you describe are additional ways that data exfiltration could occur.
You can read more here:
Also mentioned in:
Indeed, it makes such attacks more difficult and requires a higher level of skill from the attacker. Nothing is ever 100% secure, so making attacks more costly is pretty much the best you can do.
I was about to link to the same paper. 
Physical air gaps are not always superior! For certain use cases (particularly those mentioned in the paper), Qubes compartmentalization is arguably be more secure.
Of course, the converse is also true: There are certain use cases for which physical air gaps are more secure. The point is that it’s situational an depends on many factors. One is not always better than the other.