
Defining the drivers themselves needs to be done outside the repo as letting the repo run arbitrary commands is a security hole, but which merge/diff drivers apply to which files can be done in the gitattributes file, and that does work in-repo.


>security hole

It's really not that hard to imagine how you can do this in a secure way. Git has identity and signatures built in. Maybe only updates from trusted users are considered, and you still must agree to the updates, etc etc.

Throwing up our hands and saying it's impossible seems like a terrible choice.


If you're going to make me manually agree to the updates, you may as well just have me run a script manually.

I'm not saying it's impossible! I'm saying it's pointless. Trust people to set up their own config given tools and instructions, and they might even surprise you by coming up with a better workflow.


Third-party tooling could interface with something built in but not the one-off scripts people use now. I'm not trying to be draconian here. I just want a built-in way to share needed configuration information that we have to special case now.


Third-party tooling already interfaces with hooks/merge config without having to check them in. You put the script that does it in the repo, and you ask users to run the script on checkout.


I want exactly this but with an official format.
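
The split discussed in this thread (driver-to-file mapping in `.gitattributes` inside the repo, driver commands in git config outside it), as an added example that is not part of the thread: a shell check listing each driver the repo references and the command, if any, your config would run for it. The driver names `keep-ours` and `img-meta`, the function names and the sample repo are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example. Driver names, function names and the sample repo are constructed.

# audit_drivers REPO: one line per merge=/diff= driver named in REPO/.gitattributes,
# "<kind> <name> runs: <command>" if your git config defines a command for it,
# "<kind> <name> inert" if no command is configured (nothing to execute).
# Simplification: only the top-level .gitattributes is read.
audit_drivers() {
    local repo=$1 kind name keys key cmd found
    grep -v '^[[:space:]]*#' "$repo/.gitattributes" 2>/dev/null |
    tr -s '[:blank:]' '\n' | grep -E '^(merge|diff)=.' | sort -u |
    while IFS='=' read -r kind name; do
        case $kind in
            merge) keys="merge.$name.driver" ;;
            diff)  keys="diff.$name.command diff.$name.textconv" ;;
        esac
        found=0
        for key in $keys; do
            # Reads system, global and local config: everything git would consult.
            if cmd=$(git -C "$repo" config --get "$key"); then
                printf '%s %s runs: %s\n' "$kind" "$name" "$cmd"
                found=1
            fi
        done
        [ "$found" -eq 1 ] || printf '%s %s inert\n' "$kind" "$name"
    done
}

demo() {
    local repo
    repo=$(mktemp -d) || return 1
    git init -q "$repo"
    # In-repo half: the mapping is versioned and reaches every clone.
    printf '%s\n' '*.lock merge=keep-ours' '*.png diff=img-meta' > "$repo/.gitattributes"
    echo "fresh clone, no local setup:"; audit_drivers "$repo"
    # Out-of-repo half: the command lives in .git/config, which is not cloned.
    git -C "$repo" config merge.keep-ours.driver true
    echo "after running the setup step:"; audit_drivers "$repo"
    rm -rf "$repo"
}

demo
```

Running `audit_drivers` on a clone before and after executing a repo-provided setup script shows exactly which commands that script registered.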



