I think it would be a good idea to add instructions to accelerate cryptographic primitives. We would specifically NOT design them to be resistant to power/EMI attacks, since those aren't typically visible over a network and because they take a lot of time and effort to design properly. They would be resistant to timing attacks, since those are much easier to design for and are exploitable over the network. They wouldn't be intended as much for cryptography as for things like git, cryptocurrency mining (see Monero's new RandomX algorithm) and BTRFS. The main reason to implement special instructions is to accelerate the crypto instructions and because implementing S-box based primitives (such as AES) introduces timing issues when using software because of part of the lookup table not being in the cache. If resistance to power/EMI attacks is required, users would still have to use other HW.
See: http://lists.libre-soc.org/pipermail/libre-soc-dev/2020-November/001175.html

Additional applications: fast non-cryptographic hash functions (for things like hash tables): https://github.com/tkaitchuck/ahash
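The S-box cache-timing issue mentioned above, as an added example that is not part of the original post or of any Libre-SOC code: a secret-indexed AES S-box load next to a software lookup that reads the whole table with a mask. All function names are hypothetical; the table is computed from the AES definition (GF(2^8) inverse plus affine map).

```c
#include <stdint.h>
#include <stdio.h>

static uint8_t sbox[256]; /* AES S-box, filled by sbox_init() */

/* GF(2^8) multiply modulo x^8+x^4+x^3+x+1, with no branches on data. */
static uint8_t gf_mul(uint8_t a, uint8_t b) {
    uint8_t r = 0;
    for (int i = 0; i < 8; i++) {
        r ^= (uint8_t)(-(b & 1)) & a;
        a = (uint8_t)((a << 1) ^ ((uint8_t)(-(a >> 7)) & 0x1b));
        b >>= 1;
    }
    return r;
}

static uint8_t rotl8(uint8_t x, int n) { return (uint8_t)((x << n) | (x >> (8 - n))); }

/* S(x) = affine(x^254); x^254 is the field inverse, and maps 0 to 0. */
static uint8_t sbox_compute(uint8_t x) {
    uint8_t inv = 1;
    for (int i = 0; i < 254; i++) inv = gf_mul(inv, x);
    return inv ^ rotl8(inv, 1) ^ rotl8(inv, 2) ^ rotl8(inv, 3) ^ rotl8(inv, 4) ^ 0x63;
}

static void sbox_init(void) {
    for (int i = 0; i < 256; i++) sbox[i] = sbox_compute((uint8_t)i);
}

/* Secret-indexed load: the cache line touched depends on x, so a miss
 * on part of the table shows up as a data-dependent delay. */
static uint8_t sbox_lookup_leaky(uint8_t x) { return sbox[x]; }

/* Reads all 256 entries in a fixed order and keeps the wanted one with a
 * mask. The compiler may rewrite this; check the generated assembly. */
static uint8_t sbox_lookup_ct(uint8_t x) {
    uint8_t out = 0;
    for (uint32_t i = 0; i < 256; i++) {
        uint32_t d = i ^ x;                        /* 0 only when i == x */
        out |= sbox[i] & (uint8_t)((d - 1) >> 8);  /* mask 0xFF or 0x00 */
    }
    return out;
}

/* Number of inputs on which the two lookups disagree (expected: 0). */
static int sbox_mismatches(void) {
    int bad = 0;
    sbox_init();
    for (int x = 0; x < 256; x++)
        bad += sbox_lookup_leaky((uint8_t)x) != sbox_lookup_ct((uint8_t)x);
    return bad;
}

int main(void) { printf("mismatches: %d\n", sbox_mismatches()); return 0; }
```

The masked scan costs 256 loads per byte, which is the software overhead a dedicated instruction would avoid.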