Re: What we would actually need...
BTW you can actually buy processors which are so tightly specced and so simple in construction that you can make reasonably sure there were no malevolent actors involved. The 6502, the Z80 or the ATMega microcontrollers are prime examples of this.
My recollection of reality was that many such devices had unused opcodes which could be used for all sorts of fancy, undocumented and unintended things.
Of course, they could have been more tightly designed; invalid opcodes could have been prevented from actioning, rather than the designers not caring what the outcome was to ease the silicon design and its footprint.
But I'm with you on principle. A minimal RISC should be easy to verify and should fly at clock speeds obtainable these days. But then we'll be back into the "more opcodes, with each doing more, would make it even faster" debate.