Firefox already has settings for the minimum and maximum version. They just need to add another one for the nagme version. Then the only thing that needs to change is that if the TLS version is allowed and the version is less or equal to the "nagme" version, then with a silly "This connection is wanting to use TLS or SSL version, do you want to continue?"
The values of course are 0 for SSL3, 1 for TLS 1.0, 2 for TLS 1.1, 3 for TLS 1.2, and 4 for TLS 1.3
The settings strings are of course: tls.version.max and tls.version.min so you would just need to add a tls.version.nag setting. Then with one simple change you can do all of the above with no bother, no muss, and no fuss (and still be entirely configurable).
tls.version.min = 1
tls.version.max = 4
is like it is now, allow tls 1.0 through tls 1.3
add a setting
tls.version.nag = 2
so that you get nag messages at or below tls 2.0
tls.version.min = 3
to not allow versions of tls other than 1.2 or 1.3
No muss, no fuss, no bother, and if you have turned off "remote settings diddling" then there is absolutely no impact whatsoever because you will have already prohibited Mozilla from diddling with your settings.