surely this could be a software fix: tell usb driver to use special mode that is only allowed to use data line to negotiate power levels, before you plug into an untrusted power source.
Now you have to trust the driver. And depend on there not being "test modes" in the hardware that can be turned on (USB 3.0 is a pretty complex beastie; frankly, if I were a spook agency I'd want to have doors in via seldom-examined ports like USB).
That special mode code and negotiation code is what malware authors will target.
For hostile / high security environments, I'd rather have it in a special charging-only hub (good luck pwning such a device) that physically lacks the data wires on the output socket.
