The simplest example of SNARK-based authorization is Tornado Cash running without relayers. The transactions would just appear to be “sent by” the Tornado Cash contract, and would verify the SNARK and that the nullifier is unspent (the latter is a storage lookup).
Agree that we’d need other measures if it turns out that allowing SNARK verification in pre-processing is too much. However, the existence of Zcash (which of course has to preprocess in some cases many SNARKs before accepting a transaction) suggests that it may not be that bad.