The simple solution to this is using a physical switch instead of hiding that functionality in a BIOS setting. A clever designer could even design it into/near the port itself so each port can be switched independently.

And those switches can go next to the ones for power to the camera, microphone, wifi, bluetooth, speakers, and anything else that I might want to be electrically disable-able, right?

Physical switches for the USB ports sound like they'd be as confusing for most people as the physical wifi switch was, when that was common. I think that means that if some manufacturer decides to introduce them, they won't be around long.

I can just imagine the call to technical support for a laptop like that. "Have you tried turning it off and on again?" times a dozen switches