I don’t think the suggestion is to prevent anything. On the contrary, I think it’s good that CAA is added as a result of Universal SSL.
One solution, like the suggestion suggests, could be to add a view-only record that displays the CAA. Possibly even toggleable from the advanced options.
Or like this related comment suggests, list them in a new section below the rest of the records.