I am not sure requiring HTTPS here really addresses the attack surface. If someone hijacked DHCP, they could point the user to their own HTTPS site ready to take payment.
I don't think anyone disagrees that when taking sensitive information from users, it MUST be using HTTPS (and the user should, though they often don't, check the hostname is one they "trust" giving money/info to). This isn't, however, a problem limited to CP networks, nor one we need to solve, imho.
The risk of requiring certs for the CP-NAS interface is that WISPs will probably just use self-signed certs and make the user suffer the browser warnings... (Or, worse, they will not use the spec and everyone has a Legacy experience).