Exactly. So one can create a signed hash if the definition is as you describe - a two-step process.
The second signature is not the same as the first signature; it is a different signature. If you included both signatures, then the second signature can be malleated because it did not sign itself. The first signature cannot be malleated.
Other signing protocols do exactly this by signing messages with a "placeholder" field and then inserting the hash afterwards.
That is what Bitcoin does too. The output script is put in the scriptSig for signing.
I don't think you understand how signing works. The signature is generated from the message (in this case, the hash of the unsigned transaction serialized in a certain way). That message cannot include the signature itself because the signature does not exist yet. Including the signature changes the message, thus changing the signature. Thus it is impossible for a signature to sign itself as doing so will inherently change the signature.
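The placeholder scheme discussed in this thread, as an added example that is not part of any poster's message: the signed digest is computed with the output script in the signature field, so the signature never covers itself, while a hash over the full serialization does change with the signature bytes. The transaction format here is a toy (sorted-key JSON, not Bitcoin's wire format), HMAC-SHA256 stands in for a real public-key signature, and all names and values are constructed.

```python
import hashlib, hmac, json

KEY = b"constructed-demo-key"  # constructed; HMAC stands in for a private-key signature

def dsha(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def serialize(tx: dict) -> bytes:
    # Toy canonical form (assumption): sorted-key JSON, not Bitcoin's wire format.
    return json.dumps(tx, sort_keys=True).encode()

def sighash(tx: dict, prev_script: str) -> bytes:
    # The signed message: the transaction with script_sig replaced by the
    # output script being spent, so the signature never covers itself.
    return dsha(serialize(dict(tx, script_sig=prev_script)))

def txid(tx: dict) -> str:
    # Identifier over the full serialization, signature bytes included.
    return dsha(serialize(tx)).hex()

def sign(digest: bytes) -> str:
    return hmac.new(KEY, digest, hashlib.sha256).hexdigest()

def verify(tx: dict, prev_script: str) -> bool:
    # The verifier rebuilds the placeholder form; only the first token of
    # script_sig is treated as the signature (toy encoding).
    sig = tx["script_sig"].split(" ")[0]
    return hmac.compare_digest(sign(sighash(tx, prev_script)), sig)

def demo() -> dict:
    prev_script = "OP_DUP OP_HASH160 <constructed-hash> OP_EQUALVERIFY OP_CHECKSIG"
    unsigned = {"prev_out": "constructed-txid:0", "script_sig": "",
                "outputs": [{"value": 5000, "script": "constructed-script"}]}
    signed = dict(unsigned, script_sig=sign(sighash(unsigned, prev_script)))
    # Same signature, different bytes in the field the signature does not cover.
    reencoded = dict(signed, script_sig=signed["script_sig"] + " OP_NOP")
    tampered = dict(signed, outputs=[{"value": 9000, "script": "constructed-script"}])
    return {
        "sighash_unchanged_by_signature": sighash(signed, prev_script) == sighash(unsigned, prev_script),
        "signed_verifies": verify(signed, prev_script),
        "reencoded_verifies": verify(reencoded, prev_script),
        "reencoded_txid_differs": txid(reencoded) != txid(signed),
        "tampered_verifies": verify(tampered, prev_script),
        # Signing a message that already contains the signature yields a new one.
        "self_signing_is_fixed_point": sign(dsha(serialize(signed))) == signed["script_sig"],
    }

if __name__ == "__main__":
    print(demo())
```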