I don't subscribe for my personal domains, because who cares, but when I was in charge of certificates for something important I subscribed to notifications from several providers to make sure I didn't miss anything.

I would like to think at least all the high profile destinations have someone watching.

What constitutes the "vast majority" ? Periodically I check mine, and I sometimes have reason to check others, I no longer run my own log auditing (I did when I worked somewhere else because it was close to my main field of interest) but other people do.

For any target of sufficient value that a government would do that, yes. Of course it doesn't happen anyway, because governments don't have some kind of secret access to CAs.