
You can't wish professionalism into being. You have to build a profession. We're not there yet with any aspect of information security. The hard work of defining the field and its requirements has not yet been done. No organization currently extant on this planet has any business pretending that they know the answers to these questions, let alone charging money to take tests about them.


Obviously it takes time to build a profession, but you've got to start somewhere, and part of that path is certification.

Unfortunately the industry is growing far faster than perhaps happened for previous emergent professions, so the time needed to slowly grow professional bodies isn't available.

If it's not commercial organisations that start providing those services, the only other options I can see are some form of union, or some government-mandated body. Those are options, but both have their challenges.

Both those options have their downsides.


No, you're describing a cart that is pulling its horse. The "certification", in whatever form it takes, must follow the professionalization of the field.

Regardless, none of the certificates you've mentioned --- OSCP, CREST, or SANS --- will define information security. None of them have any meaningful credibility to experts.


Interesting, so what's your view of how professionalization of the industry should get started?



