You are right, but if we had an easily installable coreboot we could just ignore whatever comes with the computer and just flash coreboot over the existing firmware.
This is basically what Linux people have been doing with Windows in the past twenty years: see that Windows is preinstalled, boot a CD, overwrite the partition table, install distro. But this was possible because in most cases the distro you chose was ready to be installed on a whatever computer you had; the same cannot be said of coreboot.
No, you couldn't. The move to secure boot means that firmware updates are signed, because otherwise you could disable secure boot simply by pushing out a fake firmware update.
Does this mean that flashrom will no longer be usable? Not even on boards that allow disabling secure boot?