Read my other reply in this thread:
https://news.ycombinator.com/item?id=38262103

I agree with your stance on every single count but one. If your request already hits the plaintext 80->443 redirect, you've already lost; there's nothing the server can do to guarantee security, and refusing service altogether does not complicate the task for an intercepting proxy, because they can still make an upstream HTTPS request and serve it back over plaintext. That game was always lost, which was the original motivation behind HTTPS, and then HSTS.
This scenario is not hypothetical; it's literally what you must do if your hardware is not capable enough (my G4 struggles along, but older CPUs are the true test of patience). I wrote TLS-stripping, HTML-rewriting proxies for fun, and every HTTP client that trusts the web server with redirecting to HTTPS is vulnerable. If this affects you, the problem is that your web browser is likely more ancient than mine - HSTS with preloads has been a thing for like a decade.
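As an added illustration of the point made above (example code, not the commenter's and not from any browser project), the following Python sketch shows the client side of the fix the comment names: an HSTS-aware client caches Strict-Transport-Security policies learned over TLS and rewrites http:// URLs to https:// before any plaintext request leaves the machine, so the 80->443 redirect that a stripping proxy would need to intercept is never issued. The preload set, the hostnames and the clock are constructed sample values; treating a preload entry as covering subdomains is an assumption made here for brevity.

```python
"""Minimal HSTS policy cache (RFC 6797 semantics, simplified).

A client that consults this cache never sends a plaintext request to a
known host, which is exactly the gap the comment above describes: once
the plaintext redirect is on the wire, the server can no longer help.
"""
import re
import time
from urllib.parse import urlsplit, urlunsplit

# Constructed stand-in for the browser preload list (assumption: entries
# cover their subdomains, as real preload submissions require).
PRELOADED = {"example.com"}


class HSTSCache:
    def __init__(self, preload=PRELOADED, now=time.time):
        self.now = now                      # injectable clock for testing
        self.entries = {}                   # host -> (expiry, includeSubDomains)
        self.preload = set(preload)

    @staticmethod
    def parse_header(value):
        """Parse 'max-age=N[; includeSubDomains][; preload]'."""
        max_age, include_sub = None, False
        for directive in value.split(";"):
            d = directive.strip()
            m = re.fullmatch(r'max-age\s*=\s*"?(\d+)"?', d, re.IGNORECASE)
            if m:
                max_age = int(m.group(1))
            elif d.lower() == "includesubdomains":
                include_sub = True
        return max_age, include_sub

    def record(self, host, header_value, over_tls):
        """Learn a policy. Returns True if the header was accepted."""
        # RFC 6797 section 8.1: the header is only trusted over a secure
        # transport; a plaintext response could be proxy-injected.
        if not over_tls:
            return False
        max_age, include_sub = self.parse_header(header_value)
        if max_age is None:
            return False
        if max_age == 0:                    # explicit policy removal
            self.entries.pop(host, None)
            return True
        self.entries[host] = (self.now() + max_age, include_sub)
        return True

    def is_known(self, host):
        """True if host (or a covering parent) has an unexpired policy."""
        labels = host.lower().split(".")
        for i in range(len(labels)):
            candidate = ".".join(labels[i:])
            if candidate in self.preload:
                return True
            entry = self.entries.get(candidate)
            if entry is None:
                continue
            expiry, include_sub = entry
            if expiry <= self.now():
                continue                    # stale policy, ignore it
            if i == 0 or include_sub:       # exact host, or parent opted in
                return True
        return False

    def rewrite(self, url):
        """Upgrade http:// to https:// for known hosts before sending."""
        parts = urlsplit(url)
        if parts.scheme != "http" or not parts.hostname:
            return url
        if not self.is_known(parts.hostname):
            return url                      # first visit, not preloaded: unprotected
        netloc = parts.hostname
        if parts.port and parts.port != 80: # only the default port maps to 443
            netloc += f":{parts.port}"
        return urlunsplit(("https", netloc, parts.path, parts.query, parts.fragment))


if __name__ == "__main__":
    cache = HSTSCache()
    cache.record("news.ycombinator.com", "max-age=31536000; includeSubDomains", over_tls=True)
    print(cache.rewrite("http://news.ycombinator.com/item?id=38262103"))
```

Note what the cache does not do: a host that is neither preloaded nor previously visited over TLS still gets its first request in plaintext, which is the commenter's point that HSTS only closes the game for hosts the browser already knows about.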