While I agree with your posted draft policy to check with Google before issuing a domain certificate, and while I understand your reasoning that CAs should not be in the business of certifying domains or websites as being free of phishing and malware, I think you must have a customer interface for complaining and checking on complaints. Verified complaints must lead to revocations and other actions. The interface must also support creating a trusted user category to help with policing. By soliciting feedback from users, and by elevating some users to trusted roles, much of the burden of policing can be lifted from Let’s Encrypt staff and handled by the users themselves. Most of the cost of such a scheme will be in doing a really good design for this complaint and management interface, but again the users can be involved in reviewing the design, much like Internet RFCs are reviewed, although perhaps less formally so. I would suggest having an initial design for this functionality, with a lifetime of perhaps a year, and with an overlapping design effort for a second-generation functionality that would replace the first interface. My reasoning is that all significant software designs need at least a second version, to fix all the limitations of the first version. It was Don Knuth, the computer scientist, who suggested rewriting large systems after they had been in use (at least for Alpha testing) for some time.
In general, the trusted and expert user community will probably start small, but within a year or two may become quite large. This is another reason why a planned redesign will likely work well.
I hope these suggestions are useful to stimulate thinking, planning, and policy.