Well I'm coming from a USian perspective, so that prediction wouldn't have come true. But really, trying to contain contagious disease is a societal response with longstanding precedent, and implementing a digital ID like that is technologically easy (at minimum, it's just showing fields from a database). If you had predicted these actions because of a pandemic, it would have been plausible.
Meanwhile if you had predicted similar digital passes in 2000 it would not have been immediately plausible because very few people were carrying around a computer in their pocket. That had to be developed first by private industry, wanted by the consumer market, and the idea of having "apps" for various facets of your life socially normalized, before it could come to pass.
> The technology for remote attestation already exists
What do you mean by technology ? Yes the concept exists, and yes some implementations exist, and yes some are in the hands of consumers. But I wouldn't say the "technology exists" for general web browsing, in that it's available for a single actor, even controlling both ends, to decide to start using remote attestation.
> The main thing holding back such a scheme is that it would force a lot of legitimate users offline
Yes that is one aspect. Another aspect is the lack of implementations for companies to use to start demanding its use. Another aspect is that there has been no application of it to network access control. Yet another aspect is that the government does not understand they have this lever to pull until the trail is blazed by industry. In Y2K authoritarian government went "find a way to stop bad communications on the Internet" and their underlings went "uhh pull the plug?". In Y2020 there are many companies selling carrier-scale TLS MITM and other DPI gear.
All of these things take time. As I said, it has been over 20 years since the TCPA was founded, and you can see where we are. You can directly translate your arguments here to arguments about secure boot in 2000, and yet governments in 2005 were not trying to prohibit computers without secure boot. We had to take a long roundabout trip through a new device type of phones/tablets (for RA this could be security keys) for it to become palatable.
Only now that the market has gotten there on its own would it be plausible for a government to prohibit any device that isn't locked down with secure boot. Even so, it wouldn't be currently advantageous for the more totalitarian countries to mandate this, since they do not fully control the device's manufacturers. That is another progression that will take time before it's ready to click into place.