You can have an HSM that encrypts the data with its own key, and merely verifies that the apple id & password match before decrypting anything, and you can destroy the private keys necessary to reprogram the HSM, so that way you can't be compelled to change it. The HSM would similarly do whatever verification is necessary when resetting the password to ensure that the rules are met.
That said, I don't know what Apple actually does. I know they use HSMs, but most of the info about how that works is about Keychain syncing, which is done a bit differently than other iCloud data syncing.
