Reconsider S/MIME

I'm not hand-waving it away; I was saying you weren't aware of (or decided to ignore) current solutions. You were ignoring the alternatives and currently available software that goes half of the way.

You're saying it like it's nearly impossible to do, here, at Let's Encrypt's forum. I hope you are aware that most of what you're describing had to be implemented for TLS certificates as well.

How email clients decide to finally integrate ACME clients is up to them; it would take time, obviously. But it also wouldn't be long until the first. Issuance is one thing, "key vaults" another, but password managers are very much here already - it absolutely wouldn't be difficult to extend that.

It's utterly ridiculous to expect perfect infrastructure to exist to support a thing that doesn't exist, then use that lack of infrastructure as a reason why not to provide that option. I won't accept circular reasoning as to why something can't be done.
