Replace the message challenge of "to_spend" with a 1-of-N standard P2WPKH multisig. N is the number of people you want to be able to create the signature, and their respective pubkeys are included in the script.
Just use P2TR and reveal one of N TapScript branches, then all other public keys will remain hidden. Also, if you have 1-of-N, then you have two cases:
1) you don't care who signed the message
2) you want to know, who did it
In the first case, people could spend by key. In the second case, people could also spend by key, but include a commitment in R-value of their signature, then it would be possible to check, who signed that. Unless you want to force that, then you can force people to spend by script, and place N-of-N key to allow spending by key if all people will agree.
Yeah, like I said, this is a good idea and I will study how P2TR spending works. I just had a dive into BIP341 this morning, and there's a lot of stuff to go over in there.
I just have one question about Taproot branches:
When you're making a witness stack, the public keys for the other cosigners don't need to be on the stack? [that's really the only way I see the keys being hidden, unless I'm missing something here.]