Combine SRI with CSPs and cache-control: immutable and you could already commit a page to never change. All that's missing for TOFU is fingerprinting this combination, watching for changes and surfacing the information to the user.
Unfortunately that by itself does not guarantee security. The code that is verified by the bookmarklet could download additional code when it runs, and that code would not be verified.
My point is that verifying that the content doesn't change is by itself not enough. You also have to verify that it was secure to begin with, and that is much harder, especially for your typical end-user.
That's a separate problem to solve. But for audits to even make sense you first need to solve the problem of sites changing under your feet, i.e. enabling TOFU.
