I noticed by chance in early April that Google Public DNS (the 18.104.22.168/22.214.171.124 people) now offer DNS-over-HTTPS. I thought this would a nice little addition for privacy but it seems so new that nothing out there supports it! A few weekends later, I now have a little proxy daemon and for the past week I've been running it on my OpenWRT router without issue! It's not perfect but I've uploaded the code here if anyone is interested.
Cleanups, some security auditing and test coverage work needed but I feel it's working well enough to release it to others at this stage. Hope it's helpful to someone else!