It is probably worth noting that the needed surveillance does not require privacy violations. In fact, better solutions have been available for a long time:
https://cosmism.blogspot.com/2020/03/from-tracing-to-preemption.html
Regarding trust, accuracy, liberty, etc of "delivered health certificates", users must have individual ability to assign trust levels to various testing organizations, such as via loading their pki/ca scheme in app. Various "government" and private tests are using many different assay and collection methods, these have already proven to have varying levels of false positive/negative, and may or may not have signed their cert over the holders phone serial number or simple face pic leading to fradulent presentation. Users may wish to select an accurate private test company, strong liberation, privacy preserving, etc... over some authoritarian government body that only gets 2 out of 3 test param right, does not test blood sample under full realtime custody of the user to monitor their own test and personally destroy after, welds your ass behind a steel door, etc. P2P proximity apps are interesting tools for these situations, but be very wary establishing granting slippery powers, forever databases, ID, tracking, etc to central "authorities" in the process. Also users don't really care as much to "record a [risky] contact forever", that is the old after the fact tracking database surveillance anti-privacy state apologist mindset. And, were it the sole operation mode, would be entirely useless/unsafe in the realtime moment. Users really just want to gauge "should I have some reasonable or particular interaction with this person right now at this moment". Of course there is always delay continuum from test, to disease acquisition, to spreading phase, to later discovery in later test, a window of risk. That operation mode would require a distributed social overlay network personal test repository to backcheck old contacts against, and mandatory time based contact record destruction falloff curve on each users device and or in the distributed net. Making both users contact history anonymous, and or ensuring privacy self destruct of contact falloff, is an implementation challenge. P2P proximity app could even offer other potential decision metrics to proximity peers, such as number of unique contacts over time, distance traveled, risky or evidencial places visited, degree-of-freedom depth to other pass/fails, ranking and voting on testing entity pki/ca levels of trust, etc. None of this requires any government exist power or intrusion at all. Good things can be recognized and achieved voluntarily. Last, beware the very potential disgusting impact of "social scoring" "caste enforcing" etc that even P2P schemes can enable and devolve into.