I think this is not too difficult. I am not too familiar with the inner workings of s/mime so I too am not savvy enough to judge. But if s/mime follows the principal rules for decentralized identity verification (1- the certificate is linkable and reachable, 2- the certificate can be modified to mention the fingerprint of an arbitrary key), then it's feasible.
Where decentralized identity comes from
So why does Keyoxide currently work? When you currently prove a single online account, I consider this to be a bad use of the platform. So you link an account to a key, it doesn't prove anything, every bad actor could do the same. The OpenPGP key itself does not prove anything (unless it's part of the web-of-trust).
Keyoxide only works when you link two or more accounts to your key. The key itself, again, has no "identity" value. But the two (or more) accounts you have linked together prove that the same person/entity controls all of those accounts.
Decentralized online identities gain their value from the collection of accounts they link together. To use your example, celebrities (like our real person Harry Potter) could use Keyoxide to link their Twitter account (which is already known by many) to some other account and now, everyone knows that this other account is genuine and not an impostor.
This is where I believe decentralized online identities trump passports. Passports intrinsically also don't prove anything (only the photo is usable as "evidence", there's no DNA sample inside it, no fingerprints), the only way to know if a passport is valid is contacting the government that issued it. In Keyoxide terms, this is like a key with only one identity claim (the passport document number) and there's only one authority that can verify it. The proof to this claim is also "non-transparent", the government can't prove to us that the passport is valid, we have to believe whatever they say.
To conclude, Keyoxide already works because of this linking of public accounts. But it requires "prior knowledge". If I see someone's profile and they linked 10 accounts together, none of which I am already familiar with, I still don't know anything about whether this person is genuine or not.
The case for s/mime
Authoritative proofs might be the raison d'être for s/mime in decentralized online identities. It could be desirable to have an authority say "we issued this certificate to person X so if their decentralized online identity verifiably links to this certificate, well you know it's really them".
In fact, it's conceivable that in order to be used in professional environments, Keyoxide must support s/mime as that could be the method some companies already use to establish identity.
During the development of Keyoxide, I try as often as possible to stop and consider "how could a government abuse this?". In this case, it's conceivable that a government might make it mandatory to include a s/mime certificate which would allow them to link their citizens to their online accounts.
This is why "linking personas, not persons" is considered a feature, not a bug. As long as the keys/identities are not linked to an actual person, the identity may be considered anonymous.
Also, consider the case where a government decides to not issue those certificates, for example to minorities they consider undesirable. Would this make their decentralized online identity any less valid?
These are my quick thoughts on s/mime. Overall, it violates some of the more purist principles ("the only authority to determine someone else's identity is the end-user, not a third party") and invites government control and potential interference, but provides an additional avenue for identity (identity by authority).
If I see things wrong, do not hesitate to correct me 🙂