I guess some kind of hard (repetitive) steganography where the private key signature of the original photo is somehow encoded lots of times; also watermarking everything and asking the reader for some kind of verification if they want their non-watermarked copy.

There seems to be no other way (apart from air-gapping everything, as others say).