Muromec 4 hours ago

I have to trust the publisher, otherwise I can't update and I have to update because CVEs exist. If we step back, how do I even know that the image blessed with a hardcoded hash (double-checked with the website of whoever is supposed to publish it) isn't backdoored now?

sneak 3 hours ago

Because it has been out and published and used for weeks/months. The longer an artifact is public and in use, the less chance it has of being malicious.