Got it! I will try to think of the best way to do read-level authorisation, which I think is the building block we need for this. I'm thinking something like a "virtual filter" that is applied to all queries and has the ability to remove disallowed events from the output. I think this would be integrated at the DB querying level, so that (i.e.) you don't get fewer results than your limit, as might happen if it was done at a post-processing stage.
I think nostr:npub1acg6thl5psv62405rljzkj8spesceyfz2c32udakc2ak0dmvfeyse9p35c has already embarked down the rabbit hole of building his own personal relay, but to circle back, I think what would fulfill the original request would be a way to limit public (un-authed) event reads to only those events authored by white-listed pubkeys.
And then, yeah, there would have to be a way for the white-listed pubkeys to be able to auth on the relay and be able to subscribe to (read) all events, including those written by non-white-listed pubkeys (who are allowed [by my write policy plugin anyway] to write events that include white-listed pubkeys in the event tags).
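The query-level "virtual filter" and whitelist read policy sketched in the messages above, as an added Python example (not code from this thread or from any relay project). Pubkeys and events are constructed, and treating authed-but-non-whitelisted readers the same as public readers is an assumption the thread does not settle.

```python
"""Read-level authorisation for a Nostr relay as a "virtual filter" rewriting every REQ
filter before it reaches the DB. Added example, not from the thread; all data is constructed."""
from typing import Optional

# Constructed pubkeys (NIP-01 uses 64 hex chars; these are filler, not real keys).
ALICE, BOB, CAROL = "aa" * 32, "bb" * 32, "cc" * 32
WHITELIST = {ALICE, BOB}  # pubkeys whose events are publicly readable

def restrict_filter(req_filter: dict, auth_pubkey: Optional[str]) -> Optional[dict]:
    """Authed (NIP-42) whitelisted readers get the filter unchanged; everyone else (un-authed,
    or authed but not whitelisted: an assumption, the thread only covers un-authed reads) is
    pinned to whitelisted authors. None means nothing can match: reply EOSE, skip the DB."""
    if auth_pubkey in WHITELIST:
        return dict(req_filter)
    allowed = set(req_filter.get("authors", WHITELIST)) & WHITELIST
    if not allowed:
        return None
    return {**req_filter, "authors": sorted(allowed)}

def matches(event: dict, f: dict) -> bool:
    # Minimal NIP-01 matching on authors, kinds and #p tag values.
    ok_author = "authors" not in f or event["pubkey"] in f["authors"]
    ok_kind = "kinds" not in f or event["kind"] in f["kinds"]
    ok_p = "#p" not in f or any(t[0] == "p" and t[1] in f["#p"] for t in event["tags"])
    return ok_author and ok_kind and ok_p

def query(db: list, f: dict) -> list:
    # Stand-in for the relay's DB query: newest first, honouring limit.
    hits = sorted((e for e in db if matches(e, f)), key=lambda e: -e["created_at"])
    return hits[: f.get("limit", len(hits))]

def read_with_policy(db: list, req_filter: dict, auth_pubkey: Optional[str] = None) -> list:
    # Policy applied at query level: limit counts only events the reader may see.
    f = restrict_filter(req_filter, auth_pubkey)
    return [] if f is None else query(db, f)

def read_with_postfilter(db: list, req_filter: dict, auth_pubkey: Optional[str] = None) -> list:
    # The alternative the thread warns against: query first, strip disallowed events after,
    # so a client can receive fewer events than its limit.
    hits = query(db, req_filter)
    return hits if auth_pubkey in WHITELIST else [e for e in hits if e["pubkey"] in WHITELIST]

# Constructed events: Carol is not whitelisted but tags Alice (allowed by the write policy).
DB = [
    {"id": "e1", "pubkey": ALICE, "kind": 1, "created_at": 1, "tags": []},
    {"id": "e2", "pubkey": CAROL, "kind": 1, "created_at": 2, "tags": [["p", ALICE]]},
    {"id": "e3", "pubkey": CAROL, "kind": 1, "created_at": 3, "tags": [["p", ALICE]]},
    {"id": "e4", "pubkey": BOB, "kind": 1, "created_at": 4, "tags": []},
]
```

With `{"kinds": [1], "limit": 2}` the query-level policy returns two events (e4, e1) to a public reader, while the post-filter variant returns only one, because the second newest event is Carol's and gets dropped after the limit was already applied.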
Discussion
Sounds perfect.