Perhaps bookmarklets could make that possible? It could generate loading of the resources using the SRIs hardcoded directly in the JS contained in the bookmark itself.
Or even simpler, use the data: URI for the initial page as a bookmark.
The data: url to bootstrap trust is a really cool idea. I like that.
Of course then you are starting from a null origin, which makes certain traditional web architecture things hard. Maybe that doesn't matter if you design for it from the get-go. Too bad <iframe> doesn't support integrity. I guess you also sacrafice features that require a secure origin with this method.
Or even simpler, use the data: URI for the initial page as a bookmark.