Element-web: Share device verification/blocking status between our own devices

Created on 3 Nov 2016 · 5 Comments · Source: vector-im/element-web

We could use the account data for this, but we'd need to do some signing to stop it being forged

feature p2 e2e

All 5 comments

Could you use the existing message e2e encryption method and just send an encrypted file containing a \n separated list of trusted keys?

That way you don't break the message protocol and you get the e2e protection assuming you've verified at least your own two keys?

2286 is about sharing keys for chat history, but has the concept of asking another user/device for keys.

"Matthew has added a new device 'iPad' and is requesting room history since Sept 18th. Do you want to share history?" ref

For this issue what about a message to your older devices when you add a new one: "You just logged in with a new device, do you want to share encryption keys for your history with this new device?"

And in return on the new device: "On other devices you have verified the keys of some contacts, would you like to trust the same ones on this device?"

Just discussed this IRL with @richvdh; we kicked around the idea of just storing the verification state in a megolm room rather than finding another way to share encrypted JSON between our devices. We'd want to encrypt the verification data as well as sign it from a privacy perspective. Conclusion was that this is really a refinement of improving the verification UX and we should come back to it once focusing on improving verification.

Verification process has been improved, but there's still no synchronization of verified devices.
Even for a single private room it was quite painful (I'm using 5 devices + 3 devices for the other side, even using the old method for devices I already verified on other devices, there was a lot of clicking).
Is this anywhere on the horizon, or has it been forgotten?

We now partially have this on the verification side, with cross-signing. But we don't share blocking status yet.
