I keep seeing the main justification for SegWit being that it solved the sighash problem, where it ends with a hand-wave of "The signature script contains the secp256k1 signature, which cant sign itself"
Can someone explain to me why it can't sign itself? (preferably with an example)
Once the signature is created, if you were to include it in the message and sign it again, you would have a different signature. Having the signature in the message always changes the resulting signature so it can never sign itself.
Exactly. So one can create a signed hash if the definition is as you describe - a two step process.
This argument is also used for "scriptSig" -
"While signing the whole scriptSig would be impossible - the signature would be signing itself"
.
Other signing protocols do exactly this by signing messages with a "placeholder" field and then inserting the hash afterwards.