Add a fragment identifier to the relay URLs containing the cert fingerprint? Like this: "wss://69.69.69.69/endpoint#fp=
Pretty sure you can trust the event for the cert fingerprint; if it's wrong you'll just fail to reply or fetch related events.
In fact, does TLS between client and relay really just amount to MITM protection for privacy+censorship resistance?
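A sketch of how a client could honor such a pin, added here as an example and not part of the original post. The post does not say how the fingerprint is encoded, so this assumes `fp` is the hex SHA-256 of the relay's DER-encoded leaf certificate; the function names and the sample bytes are hypothetical.

```python
import hashlib
import hmac
import socket
import ssl
from urllib.parse import parse_qs, urlsplit

# Constructed stand-in for a relay's DER-encoded certificate (not a real cert).
SAMPLE_DER = b"constructed-der-certificate-bytes"

def split_pinned_relay_url(url):
    """Return (url_to_dial, pin). Assumed format: '#fp=<hex SHA-256 of DER cert>'."""
    parts = urlsplit(url)
    if parts.scheme != "wss":
        raise ValueError("a certificate pin only applies to wss:// relays")
    values = parse_qs(parts.fragment, keep_blank_values=True).get("fp", [])
    if len(values) > 1:
        raise ValueError("more than one fp value in fragment")
    pin = None
    if values:
        pin = bytes.fromhex(values[0].replace(":", ""))  # ValueError on bad hex
        if len(pin) != hashlib.sha256().digest_size:
            raise ValueError("fp is not a SHA-256 digest")
    # Fragments are never sent to the server, so strip it before dialing.
    return parts._replace(fragment="").geturl(), pin

def cert_matches_pin(der_cert, pin):
    """Constant-time comparison of the presented certificate against the pin."""
    return hmac.compare_digest(hashlib.sha256(der_cert).digest(), pin)

def open_pinned_tls(url, timeout=5.0):
    """Open the TLS socket the WebSocket handshake would run over.

    With a pin, CA and hostname checks are skipped and the pin is the only
    trust anchor; without one, normal CA validation applies.
    """
    dial_url, pin = split_pinned_relay_url(url)
    parts = urlsplit(dial_url)
    ctx = ssl.create_default_context()
    if pin is not None:
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    raw = socket.create_connection((parts.hostname, parts.port or 443), timeout=timeout)
    tls = ctx.wrap_socket(raw, server_hostname=parts.hostname)
    # Check the pin on the same connection that will carry the relay traffic.
    if pin is not None and not cert_matches_pin(tls.getpeercert(binary_form=True), pin):
        tls.close()
        raise ssl.SSLError("relay certificate does not match pinned fingerprint")
    return tls
```

A malformed or empty `fp` is rejected outright, so a damaged pin never silently downgrades to an unpinned connection.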