Lots of whining, no real solutions
Let's start with the external devices for storing all state... the answer is simply no. You're coming at this from completely the wrong angle. Your heart is in the right place, but it's still a huge resounding no.
Let's consider yet another stinking external device. To make it practical, it would have to be something small enough to meaningfully be carried with your "Sexy laptop" or tablet. My computers range from 4" pocket PCs through 13" Surface Book PCs. Which means any external device would need to be the size of an SD card or MicroSD card... I lose about one of those a month unless I leave them permanently docked inside the PC, which means they lose their external state.
Hacking the computer externally will simply happen. It's going to happen, it always has and always will. So long as the networking stack of each operating system is constantly changing and growing, and as long as there are 10-20 million new lines of code running on a system every 18 months, there will be security holes, and the ones you're talking about aren't even the nice low-hanging fruit that hackers love. You're talking about hacks which require real work. I spent 23 hours decrypting an iPhone 6S that was much lower-hanging fruit than what you're talking about, and to do it I had to destroy 4 of them, one by placing it in the oven to get the chips off.
What you really want is some more reliable method of protecting users....
1) We need something like ME, it should be universal, being open would be a bonus, but universal should be available. This will be a major insecure hacking target for 15 years... it'll be like Linux or OpenBSD or Windows... too complex to ever really secure.
2) We need a means of securing the system to lock stuff down. This means signed code on the ME processors. The signing should be verified in hardware only. This means every single patch and update will need to be signed by the ME vendor, i.e. Intel.
3) We need a way of wiping a system... JTAG/Serial is best. Let's have a set of tools which requires simply applying power to the system and require that every chip which holds state must be able to recognize a full wipe command and respond with progress and when finished. This will make it so that every device should have a standard connector... something extremely simple like a 0.5mm by 0.1mm by 1mm deep slot with four wires that will allow connection to a USB dongle that can be used to fully wipe a device. This means that even smart watches can have the connector on it. The benefit of this is that flash chips, etc... can all be connected to this and all devices connected to this bus will enumerate and respond. If a device is not able to respond, the computer should be considered compromised and/or possibly dead. As part of the ME processor (for example) there should be a small memory region which describes the devices which should be reachable over this bus.
Let's:
a) recognize that ME is here to stay because if you take my ME/AMT away I'll cry... try managing thousands of computers for a few days without the ability to ... well manage them and you'll kill yourself. ME is a mandatory human safety system.
b) recognize there's no possible way you'll ever have "a simple FPGA" that does what you want... mainly because what you mentioned isn't an FPGA thing... it would certainly have an FPGA, but it's really something hybrid instead.
c) Recognize that you'll never ever ever have a stateless machine. It's just not going to happen. Every possible way of doing this is completely flawed because it requires carrying more crap. Wired crap will have to be some sort of card. Wireless crap would require some sort of stored keys on the computer and the external device to secure them... meaning that the device is no longer stateless so might as well say screw that.
d) There simply will never be a secure computer. You're correct that ARM vs. x86 is irrelevant... For example, Qualcomm, nVidia and TI all make ARM processors where ARM is little more than "the standard part" of the CPU. The vendor-specific stuff in any of those three vendors' chips is extensive. Consider radio controllers for GSM and LTE, which generally don't run in software on the ARM core, as that would require all operating systems to be power-sucking RTOSes. In reality, there's no point in even pondering a secure computer.
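To make the wipe-bus idea in point 3 concrete, here is a small simulation added as an illustration (it is not code from the comment above, and the protocol it models does not exist). It assumes a manifest of chips that must be reachable, standing in for the small ME-held memory region the post proposes, an enumeration probe, a constructed wipe opcode, and per-device progress reports. The rule it implements is the one the post states: any expected chip that does not answer is treated as compromised or dead, and, as an extension, so is a chip on the bus that the manifest never listed.

```python
"""Model of the proposed hardware wipe bus (added example, not from the post):
every stateful chip enumerates on a simple bus, accepts a full-wipe command,
reports progress, and a chip that stays silent is treated as compromised or dead.
All identifiers, opcodes and sample devices below are constructed for illustration."""

from dataclasses import dataclass

# Constructed manifest: the chips the management engine expects to reach.
EXPECTED_MANIFEST = {
    0x01: "spi-flash-bios",
    0x02: "nvme-controller",
    0x03: "tpm",
    0x04: "ec-firmware",
}

ENUM_PROBE = b"\x00"  # constructed opcode: "who is on the bus?"
WIPE_CMD = b"\x57"    # constructed opcode: "erase all state"


@dataclass
class BusDevice:
    dev_id: int
    responsive: bool = True
    wiped: bool = False

    def handle(self, cmd: bytes):
        """Device side: answer the probe and the wipe, or stay silent.
        A silent chip returns None; the host must never assume it is clean."""
        if not self.responsive:
            return None
        if cmd == ENUM_PROBE:
            return self.dev_id
        if cmd == WIPE_CMD:
            self.wiped = True
            return [25, 50, 75, 100]  # progress report ending in completion
        return b"\xff"  # unknown command


def enumerate_bus(devices):
    """Return the ids of every chip that answers the enumeration probe."""
    return {d.dev_id for d in devices if d.handle(ENUM_PROBE) is not None}


def full_wipe(manifest, devices):
    """Drive the wipe and produce a per-device verdict.

    'wiped'        : expected, enumerated, and reported 100% completion
    'unresponsive' : listed in the manifest but did not enumerate
    'unexpected'   : enumerated but absent from the manifest
    """
    present = enumerate_bus(devices)
    by_id = {d.dev_id: d for d in devices}
    report = {}
    for dev_id, name in manifest.items():
        if dev_id not in present:
            report[name] = "unresponsive"
            continue
        progress = by_id[dev_id].handle(WIPE_CMD)
        report[name] = "wiped" if progress and progress[-1] == 100 else "failed"
    for dev_id in sorted(present - set(manifest)):
        report[f"unknown-0x{dev_id:02x}"] = "unexpected"
    return report


def machine_is_trustworthy(report):
    """The post's rule: a machine is only considered clean when every expected
    chip confirmed its wipe; anything else means compromised or dead."""
    return all(verdict == "wiped" for verdict in report.values())


if __name__ == "__main__":
    # Constructed scenario: the NVMe controller stays silent and a stray
    # unlisted chip answers on the bus.
    bus = [BusDevice(0x01), BusDevice(0x02, responsive=False),
           BusDevice(0x03), BusDevice(0x04), BusDevice(0x09)]
    result = full_wipe(EXPECTED_MANIFEST, bus)
    for name, verdict in result.items():
        print(f"{name:20s} {verdict}")
    print("trustworthy:", machine_is_trustworthy(result))
```

The manifest comparison is the part that does the security work: a wipe that only talks to chips that volunteer themselves would let a silent or added chip keep its state, so the host compares what answered against what it was told must answer, in both directions.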