The analogue hole makes this all pointless. Ultimately at some point down the chain there's regular camera sensors that can be replaced with anything you want.
Exactly. This won't stop any determined bad actor, if anything, it's just going to boost their credibility when they inevitably come up with a bypass that allows them to sign any piece of media as "authentic" (in a few days or weeks after a device implementing such a scheme is released).
What then? 99.9% of honest actors are paying with their privacy[1] and usability again, while remaining 0.1% of dishonest actors are using a bypass - which sounds a lot like piracy and various DRM schemes. We've been here before, and it never works.
[1] While this might not be an immediate goal, I think it's pretty obvious any such scheme would eventually be corrupted to encode a traceable device ID into every photo and video taken with the device - to protect the children and stop CSAM, of course!
Hmm, how about watermarking the photo with some function of the OTP? (like bit steganography; invisible to normal human use)
Seems to preserve easy checking by device manufacturer, but not immediately clear to me how to replace the sensor in a way that gets a signed image.
And if it seems like a bit of trouble, I think it's still worth consideration by the manufacturer, as a feature for their images and support of a community of users who want to produce images that can be so validated