Every full node checks the validity of the coinbase transaction. SPV nodes currently don't, but they could if we switch to using Merkle sum trees.
The power that miners have over the network is strictly limited to choosing the transaction ordering. Their attacks are limited to denial of service (mining empty blocks), double spending (chain reorgs), and censorship (selective rejection of transactions for political reasons).
But even this rests on the assumption that the folks running non-mining, verifying nodes are economically significant enough as a whole to resist miner fraud.
You're right, it is up to every full node to validate the blockchain, but to implement a change in the blockchain, you don't need the majority of users, or miners. You only need the majority of mining operators. Once they adopt a change, they can prevent everyone else from using Bitcoin until they comply with that change.
If the majority of mining operators (a very, very small minority of people) said "In order to spend Bitcoin, you must pay a 10% transaction fee (tax)." People would bitch and complain, but rather than letting go of their Bitcoin, they will comply with the new rules. If they decided to set Bitcoin on an inflationary tract, who's going to tell them differently? Uncle Joe, who's entire net worth is measured in Bitcoin? I don't think so. 90% are Uncle Joe, 10% will be cheering because their account balances will skyrocket!
Don't underestimate the general apathy of the people, it's a powerful weapon in the right hands.
You're seriously oversimplifying this scenario. The dynamics of such an attack are economically and socially complex, but if you think deeply about it, I think you'll find that defences can be mounted that would eventually bankrupt the attackers. Though it would be messy while it played out.
You also don't seem to be considering the implications that this attack would have on confidence in the system, if successful. It's essentially an existential threat, and giving in simply isn't an option.