Can you also program something to do this for all root zones, i.e. something like 'zone ".*" { type deligation-only; };'
no. not just because that's not how our internal hashing works, but because "hosted" tld's like .museum have had wildcards from day 1 and the registrants there are perfectly comfortable with them. there's no one-policy-fits-all when it comes to tld's, so we would not want to offer a knob that tried to follow a single policy for all tld's.
And make it default configuration for new bind releases...
never. not for your example, nor for any set of tld's. the default for bind will be what it's always been -- to respect the autonomy of the zone administrator/publisher. overriding that autonomy has to be a local act by a local name server administrator who is fully conscious of the impact of their configuration change. once, with "check-names", isc was accused of "legislating from the bench". never again.