If we consider why this is even needed (people “vibe coding” and exposing their API keys), the word “brilliant” is not coming to mind

To be fair, people committed tokens into public (and private) repos when "transformers" just meant Optimus Prime or AC to DC.

Except is there a guarantee of the lag time from posting the GIST to the keys being revoked?

Is this a serious question? Whom do you imagine would offer such a guarantee?

Moreover, finding a more effective way to revoke a non-controlled key seems a tall order.

If there’s a delay between jets being posted and disabled they would still be usable no?