That’s a good point. You’d probably need to go invite-only for the Tor side of things (Beehaw style) for Tor instances to kick out the black markets/pedo networks. I don’t think Lemmy can do that (federate with all clearnet servers, whitelist for Onion services, require validation for Tor+Tor exit node user registrations).
I think you can throw something together with a reverse proxy setup (refuse federation from .onion sites that aren’t on the whitelist, disable access to the registration API), but there are probably issues I’m missing here.