TBH I think it's fine to prevent access to updates that update the app to work with the updated OS. That is work and I think it's fair to charge for it.
The App Store already does exactly this, though. The only difference is that the gating is by OS version rather than payment.
An Xcode deploy target can require a minimum OS version, and when an app's minimum version increases with an update, the update is not available to users who haven't updated their device. If the device doesn't support the new OS version, the user is stuck with the last version supported on the old OS, and will not receive any future patches.
Still could work but isn't easy, and probably throws a wrench in the whole modern idea of continuous develop -> deploy.