The mitigation obviously must be that both send an encrypted form of their signature and then they send the unlocks and combine them. Both should agree. I think this is called a "commitment".

The encryption would be based on an ECDH shared secret, they have to first share a public key, generate a random private key, generate a secret with the other side's public key, send the encrypted packet, wait for acknowledgement (the hash of the message encrypted message) and then wait for their side and return the ack and once both send and both get acks they then share the public key used to generate the cipher used on the signature.

BTW, when the diagram shows the addition of the two keys, that is literally how schnorr keys are aggregated. The only bit that is unfamiliar to most is that is an operation where the overflow bits are added to the other side, modulo addition, a form of clockwork arithmetic in binary.

Also, note that the very same thing can be done with more than two, but it could take a long time if there is hundreds of parties as this is an interactive protocol, although if you have the patience it certainly can be done more or less asynchronously, like it was email.