Thank you for putting this together. A big +1 to this proposal.
I wonder why you think is better to enforce __is_valid_signature__ at protocol-level, instead of following an application-level standard for accounts containing is_valid_signature like the Starknet Standard Account.
I think the less we enforce at the protocol level, the better.