I think its quite hard to prevent merge mining automatically because people can steganographically watermark bitcoin tx. eg they could make a multisig where the second sig is not a pub key but a hash of their chain.
However miners could try to find them and block them via whack-a-mole as all users on that network need to know the decoding trick for the stego. As chains dont tend to be secret society things, that could actually work somewhat.
One objection is that (as in the "benevolent 51% attack that I outlined before) the miners would have an immediate incentive to merge-mine the altcoin, namely collect its block rewards and fees.
As you say, the use of the BTC chain to secure the GNC chain has to be public, but it may not be possible to detect it in time. For example, suppose that, in order to sanctify a block B of the GNC chain, some GNC node must insert in the BTC blockchain the string y = (SHA(B) XOR x), where x is a random 256-bit string; and then publish the string x, only after that transaction has been confirmed. Then the BTC miners would have no way to detect that the string y is a GNC hook before confirming it.
Other variants are possible. For example, y can be SHA
n(B), where n is (say) 2 trillion. Then anyone with a 1 GH/s machine could recognize y as the hash of B in ~30 minutes; but no one could do it in much less than that time. Even if the BTC miners were to run the check in parallel with block mining, it would delay the first confirmation of a trasaction by 20 minutes, and would force them to waste a significant amount of mining work.