Since this can be a significant security issue for the state, why doesn't the government sponsor a security audit of the software? Does it upload the data, or is everything done on the device? (Also, it will have to keep up with the updates.)
The NSA has a bad historical reputation for this sort of thing - intentionally weakening crypto standards to make things easier for themselves to break, while keeping them "strong enough" that other agencies outside of NSA/GCHQ/GRU can't. The Crypto AG scandal [0] was pretty bad, with Clipper/Skipjack & Dual_EC_DRBG [1] being more recent ones. The NSA could do what you are asking to do, but they probably won't let us know what the really bad holes are because they want to keep using them.
Notes:
0 - https://www.washingtonpost.com/graphics/2020/world/national-...
1 - https://www.scientificamerican.com/article/nsa-nist-encrypti..., https://en.wikipedia.org/wiki/Dual_EC_DRBG
"Why doesn't the state protect everyone from ___?" is a naive question.
Almost anything can be a significant security issue for the state. They have to carefully choose where they are going to spend effort & money.
And they pick whatever will keep them safely in power... which never ever includes "strict regulation of vacuum cleaners".
Better yet, why not pick a security auditor and have the bidder pay for it, as a condition for approval?
How does that provide any assurance against future changes that the public wouldn't have any ability to know about?