Feature Request: Password protection for flashing unlisted ROMs

Flashing ROMs that either not signed or their signature is not listed neither by the owner or the manufacturer is an evil maid attack danger that hesitate public users from using open source phone (They want open source devices for transparency but they have security concerns)
You should add ability for the user to password-protect flashing ROMs if their signature is not listed in whitelist