Chrome is experimenting with something called Expect-CT[1], which allows site operators to indicate that only certificates with valid SCTs should be trusted. The implementation is quite similar to HSTS. It's report-only for now, but will probably evolve to something like Require-CT (i.e. CT enforcement) in the future.
Sounds like the right way to go. Thanks for the pointer.
As these things develop and become increasingly security-critical parts of the protocol, it would be nice if programs like libcurl and other HTTP client libraries gained support for them.
[1]: https://docs.google.com/document/d/1VDtHiKa5c96ohP_p-V1k6u83...