If scanning works on filesystem-level, just storing images in any non-standard format would be enough, you don't need root for that. Most likely even storing images in an sqlite would make them inaccessible for those scanners. Trying to force all apps in the world to use some scanning API for their images is unrealistic. Also you can use web apps with some website hosted in a free country with canvas drawing.
They'll just use mass-bombing by targeting most popular apps and services and that's about it. It's unrealistic to expect 100% solution, because 99% solution will be good enough.
If a competing photo storage site doesn't offer the same "feature" of scanning the files you upload, might Apple decide to prevent iOS devices from accessing it? I'm sure Apple would love to claim that the anti-trust authorities don't care about the children.
There's no precedence for any browser to censor any website outside of malicious website feature. So technically you're right, Apple surely could do that, but that will be another level of fence around garden.
They'll just use mass-bombing by targeting most popular apps and services and that's about it. It's unrealistic to expect 100% solution, because 99% solution will be good enough.