As a sanity check, by default certcentral should check newly-issued certificates to see that they contain embedded SCTs. CTs (and SCTs for the most part) are required in practice for public certs to work in the modern world, but apparently registrars can still technically get away with not doing so, and sometimes do that by accident and cause some carnage (cf all the drama in T205504#4660385 and beyond). I'm not sure if we should just check for "SCTs exist at all" as a quick sanity-test, or if we need to really validate that the SCTs are cryptographically legit.
However, there should also be a flag to disable SCT-checking, in case we later want to hook up a private internal ACME CA as a provider which doesn't use CT/SCT. Maybe just at the per-account level for such a flag?