With an approach of 'each client publishes trust assignments then clients calculate trust ranks' private follows can be handled - your trust assignments would give non-zero values to privately followed users (if you so wish) and then others would use that info. Ofc if you want to keep your trust assignments 'private' that won't help.

Onboarding for new users is already a problem and requires some input from them - 'topics' etc, some seed from which we could work. Any seed will inevitably lead to some 'preferred' profiles, whose trust assignments can be used to calc trust ranks for this new user and show them something 'trustworthy'.

As for bootstrapping trust for new users - this has always happened naturally, through friend (someone invited you to join right?) or through genuine organic interactions (new user interacts with others and they reply and some trust is passed). But organic interactions take time, and also on Nostr it might simply be too costly to organically outpace bots that will try to gain trust the same way. That's the only place where I think PoW makes sense, also trust-bootstrapping services, or OpenTimestamp (onchain tx) with non-trivial fees spent (or a burn - but that's wasteful).  

Link to trust assignments note: nostr:note13vpt4uqmfljhy9ql8rur23dpepkd8dkryxcp9mlf2wqjgxwj6puqnj3n6j