A government would still have to make and use their own keys in a man-in-the-middle attack. The forged key means that if anyone bothers to check, it will be detected, and there are also various ways that an application can lock the used key to make this impossible. Man-in-the-middle requires a lot of control over the infrastructure; for something that works reliably they would need to cooperate heavily with telcos and spend a good deal of money.
That's a very bold claim. Any evidence you can provide to support it? How do the governments sidestep Certificate Transparency, which makes the simple possession of the signing keys ineffective? And have there ever been reports of developers observing these rogue certificates in the wild?
My assumption was that the signed certificates are provided by governments to state-owned or shell companies (China having high-profile cases of this).
But if it really was this simple, it would have been noticed earlier.
If this is the case, then you have to ask, why is this bill even needed?