I made some changes to the wiki: Strong Linux User Account Isolation - Whonix
Yes, we should definitely fix all known ways to monitor keystrokes. apparmor-profile-everything can do a great job at this.
We should look through the source code of public keyloggers/rootkits and see what methods they use. For example, https://github.com/naworkcaj/bdvl which works with LD_PRELOAD.
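As an added example (not part of the original post, and not Whonix or apparmor-profile-everything code), the following audits the two standard places where the glibc dynamic linker accepts preload requests: the system-wide preload file and the `LD_PRELOAD` variable in each process environment. The function names are hypothetical and the sample data is constructed.

```shell
#!/bin/sh
# Added example: audit the two preload hooks honoured by the glibc dynamic linker.
# Paths are parameters so the functions can run on copies or on constructed files.

# Print the entries of a preload file (default /etc/ld.so.preload).
# Entries are separated by whitespace or ':'; '#' starts a comment.
preload_file_entries() {
    f="${1:-/etc/ld.so.preload}"
    [ -r "$f" ] || return 0
    sed 's/#.*//' "$f" | tr ' \t:' '\n\n\n' | sed '/^$/d'
}

# Print the LD_PRELOAD value found in a NUL-separated environment block,
# which is the format of /proc/<pid>/environ.
environ_preload() {
    [ -r "$1" ] || return 0
    tr '\0' '\n' < "$1" | sed -n 's/^LD_PRELOAD=//p'
}

# Walk a /proc-style tree and report every process started with LD_PRELOAD set.
scan_proc() {
    root="${1:-/proc}"
    for d in "$root"/[0-9]*; do
        [ -d "$d" ] || continue
        v=$(environ_preload "$d/environ")
        [ -n "$v" ] && printf '%s LD_PRELOAD=%s\n' "${d##*/}" "$v"
    done
    return 0
}

# Constructed sample data (not taken from a real system).
sample=$(mktemp -d)
mkdir -p "$sample/proc/101" "$sample/proc/202"
printf 'PATH=/usr/bin\0HOME=/root\0' > "$sample/proc/101/environ"
printf 'PATH=/usr/bin\0LD_PRELOAD=/tmp/hook.so\0' > "$sample/proc/202/environ"
printf '# comment\n/lib/a.so:/lib/b.so\n' > "$sample/ld.so.preload"

preload_file_entries "$sample/ld.so.preload"
scan_proc "$sample/proc"
```

Because a preloaded library is also loaded into the tools doing the checking, the results are only trustworthy when the check runs from a known-good environment such as a rescue boot or statically linked binaries.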