The pool must be giving a unique block header to each individual miner as well, otherwise there will be instances of miners hashing the same things (providing the same work multiple times). Nonce is a field they change later. Is the merkle root different to each miner, or is there an extraNonce field which could be their pool ID e.g.?
Yes, there is an extraNonce in the coinbase transaction, Stratum V2 even allows the modification of the included transactions and thus a completely different Merkle root, a pool like Cksolo would have both the pool address + the miner's address in the coinbase transaction which also means a unique Merkle root for everyone, P2pool also puts the miner's bitcoin address in the coinbase transaction for 0.5% payment (done to discourage block withholding) but also serves the purpose we are discussing, there are a dozen of other methods in place to ensure that all miners have different block candidate, so this certainly shouldn't be an issue.
That's correct. The only disadvantage of this whole business, is that there have to be colored coins issued; at least that's how voting process works in Bisq.
I think the most challenging part would be the validation of shares, the other aspects are pretty simple to deal with, it's only this part and the risks associated to it, P2pool solves this issue by using "chain of shares" which could be used in a decentralized PPS as well, of course, with some modification given that the end result or the final coinbase transaction will be different for a PPS pool as all payments should go to the same "address".