actually having hard consensus rules again that are set to, for instance: limit witness to 80 bytes is a solution
Why 80 bytes? I expect some multi-signature address which use P2SH or P2WSH would unable to spend their Bitcoin if this limit is enforced on protocol level.
a one "for instance" of taproot.. you know the taproot promise of witness resembling a signal signature.. well enforce that promise
as for other for instances. multisig/p2sh. if needing a 5-of-5 then have 5x80
instead of the lame softrule of "go ahead take 3.98mb, we dont care"