One way to detect when this has occurred is to use fstatfs() [0]: it will tell you whether an fd truly belongs to a procfs, or whether it belongs to some other kind of filesystem. Of course, you still have the issue of one part of a procfs being bind-mounted onto another part of a procfs (or onto a different procfs). For that, one mitigation is to double-check the st_dev of every file down the chain. But it still doesn't guarantee that you haven't been led into a recursive bind-mount: for that you have to use tricks like checking rename() error codes, or some of the fancy new openat2() flags, to test the absence of a mount-point boundary.

Personally, my stance is to just blindly trust whatever /proc tells you, except in really unusual security models. Users can only end up hurting themselves by putting nonsensical things in there. (The same way no one should bother checking that /dev/null isn't a regular file, even though root can easily make it one.)

[0] https://man7.org/linux/man-pages/man2/statfs.2.html