Hey @xjd, congratulations on all the hard work to are putting towards this crucial change in the ecosystem!! 
I would love if we could find a method where those funds are not minted at all instead of sending them to a zero lock. Then again, I cannot see a simple way of achieving it.
You found a good method of burning unused treasury with local information, that said this design has a weakness:
Change cells lose the original header deps for a fresh one.
Freshness attack
This can be abused by freshness attack: a reward recipient can use as input all treasury cells and mint as change a new treasury cell with fresh header deps.
This attack makes treasury funds un-burnable.
A solution could be for treasury lock to require Treasury change to be smaller than any of the single input treasury cells, so attacker is not consuming cells that he is not using.
At this point a small change cell with fresh header is not a problem anymore, right?
Freshness attack v2
Change cell is still a problem, enter freshness attack v2: a reward recipient can use as input a single treasury cell and mint as change a new treasury cell with fresh header deps.
Difference here is that Attacker just requests as reward as little CKB as possible for all treasury cells.
This attack makes Treasury funds un-burnable.
Possible Solution
Ideally to avoid freshness attack, treasury lock should additionally validate the following on Treasury change cells:
- Exists at most one Treasury change cell for a Reward Tx
- Treasury change cell is smaller than any of the input Treasury Cells
- Treasury change cell stores in cell data the header hash of the most recent input Treasury Cell
3 also have the additional consequence that burn now has to differentiate between normal Treasury cells and change Treasury cells to load the appropriate header.
Extra Perspectives
Depending on how you refine validation, I can refine attacks.
For example, if you decide to simplify into no change cells, then attack becomes burn all treasury with a variation of Freshness attack v2.
If instead treasury reward is a all or nothing (no partial reward withdrawals), then you have a fairness issue: new grantor with smaller claimable reward can jump in front of bigger grantor who is waiting for his full reward to be minted on-chain. This means that a stream of small grantor can effectively prevent a big grantor from withdrawing his reward.
Keep up the Great Work @xjd 
Phroi
PS: I don’t mind keeping this conversation going over here, but if you feel more comfortable on Github, feel free to create a proper Github Repo and we can discuss over there.
PPS: the following phrase is incorrect cause Output Locks do not trigger validation by themselves (I wish they would):
Treasury cells can only be created by consensus, similar to a cell base