Why would QUIC be any more or less MITM attackable than say HTTP1.1 or 2?

AFAIK, the only thing that stops an MITM attack (where they respond as if they’re the remote server and then relay to the real remote server) are certificates.

If an authority requires you trust their root certificate so they can spy on you, QUIC will not make any difference.