Isn't this too complex for end users to use? It requires using a command line and stuff.

The unfortunate (or fortunate?) reality is that the big fish will do whatever it takes to not spend their life in prison while everyone else will be under constant surveillance without E2EE but with all implications of that.

What happens if someone intercepts the key-exchange messages?

I think the answer in the link is about intercepting encrypted messages but not about the key exchange. If you're able to intercept the key exchange (man-in-the-middle attack), the scheme is fucked. You need to be absolutely sure you're using the correct public key. That's why the phone call is mentioned: use a second channel for multi-factor authentication (MFA).

What happens if an attacker uses the attack from XKCD 538?

You're fucked but this attack doesn't work on scale so hopefully you're not among the biggest big fishes.