[arghwhat]

No amount of staff will be able to predict file formats and protocols before they are designed, and unless file formats and protocols are permitted prior to being "understood" by this hypothetical internet filtering agency, then no new formats or protocols can be formed, or even updated. However, permitting them prior to being understood also mean that arbitrary traffic will be permitted, as long as the formats and protocols mutate faster than they are implemented by the bad guys (the state-level actors you describe).

The only scenario where I can think of a setup where a filtering agency would be able to block "dangerous content", while still permitting legit use, would be one where each and every file format and protocol creation/update would require applying for a permit to the respective agencies in every country where the format is to be used. The absurd bureaucracy this would entail, such as the time it takes for the agency to write some form of verification, would kill most, if not all, innovation. The only innovation I could imagine still living in such an environment would be circumvention efforts.

Furthermore, steganography is not a separate issue. In the hypothetical scenario where this is both possible and the resources for this exercise are present, the entire exercise becomes moot once you realize that you can encode anything as a jpeg or video file with a minimal overhead. Applications would just all implement protocols that exchange JPEG's or MP4's with a small overhead, leading to no traffic being stopped as "unreadable".

And before you ask: Detecting such measures is not possible in the general case.