As per Whonix Live KVM instructions - https://www.whonix.org/wiki/Whonix_Live#KVM_2 - even the grub-live package says:
To increase security, the VM disks can be set to read-only.
grub-live is compatible with virtualizer read-only setting, even recommended.
Does this solve your concern?
This is really good. Could be done using systemd unit file.
Not sure either.
whonix-libvirt package also seems wrong since not tied to Whonix only (also hardened Debian). Since there is the grub-live and grub-default-live package, it would have to be duplicated or yet another grub-live-shared package would have to be invented. On the other hand, setting disk to read-only in virtualizer settings is not generic for any VM but Whonix KVM VMs only so maybe whonix-libvirt is a good place?