
It's not part of CT, nor does it fully solve the issue, but you might also like Certificate Authority Authorization. CAA allows you to publish what CAs are acceptable for your domain via DNS. CAs shouldn't issue certificates against that. Of course that doesn't protect against a rogue, compromised or coerced CA, but it does protect against phony requests to the CA.
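The CAA check the comment above describes, as an added example that is not part of the original thread: this is the CA-side logic from RFC 8659 (the wire format of a CAA record, the climb from the requested name towards the root to find the relevant RRset, the issue/issuewild split for wildcard names, and the critical flag), run against a constructed in-memory zone. Everything in EXAMPLE_ZONE, including the CA identifiers and the made-up `futuretag` property, is constructed for the example; a real CA would get the RRset from a resolver instead of a dict.

```python
# Added example (not from the thread): RFC 8659 CAA processing as a CA performs it
# at issuance time, run against a constructed in-memory zone instead of live DNS.
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

CRITICAL = 0x80                     # "issuer critical" flag bit (RFC 8659 section 4.1)
KNOWN_TAGS = {"issue", "issuewild", "iodef"}


@dataclass(frozen=True)
class CAARecord:
    flags: int
    tag: str
    value: str


def build_caa_rdata(flags: int, tag: str, value: str) -> bytes:
    """Encode one CAA record in DNS wire format: flags | tag length | tag | value."""
    tag_b = tag.encode("ascii")
    if not 0 < len(tag_b) < 256:
        raise ValueError("tag length must be 1..255")
    return bytes([flags & 0xFF, len(tag_b)]) + tag_b + value.encode("ascii")


def parse_caa_rdata(rdata: bytes) -> CAARecord:
    """Decode CAA RDATA; reject truncated records rather than guessing at them."""
    if len(rdata) < 2:
        raise ValueError("CAA RDATA too short")
    flags, tag_len = rdata[0], rdata[1]
    if tag_len == 0 or len(rdata) < 2 + tag_len:
        raise ValueError("CAA tag length inconsistent with RDATA length")
    tag = rdata[2:2 + tag_len].decode("ascii").lower()   # tags are case-insensitive
    value = rdata[2 + tag_len:].decode("ascii")
    return CAARecord(flags, tag, value)


Zone = Dict[str, List[CAARecord]]


def relevant_caa_rrset(zone: Zone, fqdn: str) -> Tuple[Optional[str], List[CAARecord]]:
    """RFC 8659 section 3: walk from the FQDN towards the root; the first name that
    has a CAA RRset is the relevant one, so subdomains inherit their parent's policy."""
    labels = fqdn.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        name = ".".join(labels[i:])
        rrset = zone.get(name)
        if rrset:
            return name, rrset
    return None, []


def issuer_domain(value: str) -> str:
    """issue/issuewild value is 'issuer-domain [; key=value ...]'.
    An empty issuer domain (value ';') authorises no CA at all."""
    return value.split(";", 1)[0].strip().lower()


def issuance_permitted(zone: Zone, fqdn: str, ca_domain: str) -> bool:
    """Would a CA identified by ca_domain be allowed to issue for fqdn?"""
    wildcard = fqdn.startswith("*.")
    if wildcard:
        fqdn = fqdn[2:]              # CAA for *.example.com is looked up at example.com
    _, rrset = relevant_caa_rrset(zone, fqdn)
    if not rrset:
        return True                  # no CAA anywhere up the tree: issuance unrestricted
    # A critical flag on a property this CA does not understand forbids issuance.
    if any(r.flags & CRITICAL and r.tag not in KNOWN_TAGS for r in rrset):
        return False
    issue = [r for r in rrset if r.tag == "issue"]
    issuewild = [r for r in rrset if r.tag == "issuewild"]
    # For wildcard names, issuewild (if present) replaces issue entirely (section 4.3).
    applicable = issuewild if (wildcard and issuewild) else issue
    if not applicable:
        return True                  # CAA present (e.g. only iodef) but no issuance property
    allowed = {issuer_domain(r.value) for r in applicable}
    allowed.discard("")              # 'issue ;' contributes no authorised issuer
    return ca_domain.lower() in allowed


# Constructed zone for the example. The issuer names are used only as CAA identifiers.
EXAMPLE_ZONE: Zone = {
    "example.com": [
        CAARecord(0, "issue", "letsencrypt.org"),
        CAARecord(0, "issuewild", ";"),               # no wildcard certs from anyone
        CAARecord(0, "iodef", "mailto:security@example.com"),
    ],
    "legacy.example.com": [
        CAARecord(0, "issue", "digicert.com; validationmethods=dns-01"),
    ],
    "future.example.com": [
        CAARecord(CRITICAL, "futuretag", "opaque"),   # hypothetical unknown critical property
    ],
}


if __name__ == "__main__":
    for name, ca in [("www.example.com", "letsencrypt.org"), ("www.example.com", "digicert.com"),
                     ("*.example.com", "letsencrypt.org"), ("legacy.example.com", "letsencrypt.org"),
                     ("future.example.com", "letsencrypt.org"), ("unrelated.test", "anyone.example")]:
        print(f"{ca:16} -> {name:20} permitted={issuance_permitted(EXAMPLE_ZONE, name, ca)}")
```

Two things the example makes concrete: a name with no CAA of its own (www.example.com) is governed by the nearest parent that has one, and a more specific record (legacy.example.com) replaces the parent's set rather than merging with it. It also shows the limit raised later in the thread: the check only inspects whatever the resolver hands back, so a CA that skips it, or a DNS answer an attacker controls, removes the protection entirely.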



As you said, that only protects against CAs that follow the CA/B Forum Baseline Requirements that require they check CAA at issuance time.

If a government was coercing a CA, they'd just tell them to disable this check. If this can be proven it's grounds to start the distrust process. At the very least, they should fail their next WebTrust audit.


It also doesn’t protect against compromised DNS, does it?



