It seems to me that the issue would fixable by introducing a new API, let’s call it with_secure_context() that would receive a function and execute it in timing-insensitive mode. Apple Silicon already supports ARM data independent timing feature which does this, the issue with gofetch seems to be that baling this mode does not correctly disable the prefetched. However, the prefetched can be disabled on M1/M2 by manipulating CPU control registers. This is why an API is required - the OS will ensure that all security features are correctly turned on.
As a final note, secure computing is hard. It is not realistic to expect that all code you run is completely secure and free from observable effects, and we shouldn’t try to build processors with such properties. It is however important that processors have a lower-performance secure mode to support these kind of operations. This is what newer ARM and Intel processors support, and it’s IMO the correct path forward.