Then there must also be some authoritative, central places for distributing the client as well, these sites have to stay up and running as long as the network is, when billions of dollars are at stake or the governments get involved I don't think they will hold up so well.
That is true for bitcoin too. The point of signing the checkpoint is so that v1.0 clients will accept blocks after the checkpoint time.
The software could simply be set to refuse to accept new blocks after a certain height. This would fork everyone to update at the same time, which has security implications.
There is no difference between having the dev sign a new client and simply sign the checkpoint. Signing the checkpoint used up much less bandwidth.
Once the checkpoint has been passed, all clients, from the original dev or others, will simply hardcode the same checkpoint for the 50,000th block.
The checkpoint is part of the protocol.
Yeah Bitcoin uses checkpoint too, but as you have pointed out with a "headers-first" approach we probably can get rid of that, and I can even download the blockchain and check the difficulty first using torrents, without connecting to any node.
I think they will probably leave them in though.
With headers first, they could change them to a lower limit on work.
If the current chain has a certain amount of POW built in to it, then any possible future chain (including chains which fork) must have more POW than that chain. Any chain which doesn't is, by definition, a low POW chain.
If the client downloads a chain with 1% of the POW threshold, then the client will assume that it isn't a valid chain. It would display "syncing to network" or something similar.