What's special about RISC-V? How does companies not having to pay for using an ISA in a processor having anything to do with whether they implement other processors inside of their processor?
It's not that RISC-V guarantees truly transparent firmware and microcode; as you correctly point out, it does not.
What RISC-V offers is the possibility of truly transparent firmware and microcode. This comes as a refreshing alternative to x86, which guarantees that firmware and microcode, including those of security coprocessors (e.g. Intel CSME & AMD ST, formerly ME and PSP) will not be transparent.
I am not as well-versed in the specifics of ARM's TrustZone as I am with Intel CSME and AMD ST, but I understand many of the people uncomfortable with the latter two are uncomfortable with the former as well. I do not believe it comes with the same capabilities as CSME or ST (PSP), but I do know that earlier versions of PSP were implemented using an ARM TrustZone core. That said, I need to do a lot more reading and research on it before forming more substantial positions on it.
What RISC-V offers is the possibility of truly transparent firmware and microcode. This comes as a refreshing alternative to x86, which guarantees that firmware and microcode, including those of security coprocessors (e.g. Intel CSME & AMD ST, formerly ME and PSP) will not be transparent.