Well, I’m not that pessimist, at least not on those 2 points. I hardly see how CSP would prevent addon to do their stuff, as CSP is protection against cross site attacks, and extension aren’t sites (thought I actually remember having an issue like that once making an extension, but correcting the extensio’s permissions solved it).
And DRMs only apply on the video stream. It won’t protect the webpage or the javascript. Plus there are content on youtube that they are contractually required to not put behind DRMs.
What I’m worried youtube will do is simply that their server will refuse to send the video until a certain time after the user load the page, thid time corresponding to a bit less than the time the user would wait by playing ads.
It won’t force the user to watch ads. But it’ll deincensitive it by a certain amount.
I can confirm I have already some experience with the fact of VPN usage being flagged as a high change of automated traffic (except it was TOR, which is pretty much identical in this context).
Discord put me a wealth of captcha, Wikipedia refused edition of pages (even with my account. Which IMO looks like an oversight). And many pages just had captchas even when not trying to log-in.