> I do wonder if there is a non-draconian way to mitigate for that risk.
Specifically doing code review before deployment to production. For such an attack to work, you would have to have the reviewer and the developer working together. It goes from a "lone wolf" type attack, to one where you need a conspiracy amongst multiple people in the chain for it to be possible. It increases the chances or slip ups/detection or someone pulling out and exposing the others involved.
Plus, in addition to spotting backdoors, code reviews can sometimes aid in detecting bugs the other dev didn't notice/see/test for, and can be a good idea to do anyway when doing dev work.