
draft-mglt-lurk-tls12's Introduction

Writing the draft using kramdown-

Markdown Cheatsheet

Here are some resources for Markdown syntax.

kramdown-rfc2629

The XML/TXT draft is generated using kramdown-rfc2629.

installing kramdown-rfc2629

gem install kramdown-rfc2629

generating txt / xml draft

kdrf mydraft.mkd

draft-mglt-lurk-tls12's People

Contributors

mglt, icboureanu

Watchers

James Cloos

Forkers

icboureanu

draft-mglt-lurk-tls12's Issues

X25519/X448 proof of possession verification

There is a problem applying the currently defined ECDHE proof-of-possession mechanism to X25519 and X448 key exchanges. The issue is that neither X25519 nor X448 computes the sign of the result, and thus it is impossible to tell apart P+Q and P-Q.

Fortunately, it seems it is enough to check if tG is in { c(bG) + rG, c(bG) - rG } = { cB + R, cB - R}. And this check can be performed efficiently, as shown in cryptology eprint 2017/518. However, there is a further complication: The c must be clamped before computing cb+r on client side (clamping is just 2 bit-wise single-byte/word AND and 1 bit-wise single-byte/word OR, so very cheap), since X25519 and X448 implementations have internal clamp on private key.

Regarding future extensions to TLS 1.2, I think it is very unlikely that ECDHE key exchange in TLS 1.2 is ever extended to anything so exotic that neither straightforward addition nor techniques described in the paper above work. This does not hold for TLS 1.3 however. But TLS 1.3 has explicit type tags for signatures, so one presumably does not need proof-of-possession (and the signature payload is a hash too).

Edit: Turns out this is insufficient to be able to use stock x25519/x448 implementations with internal clamp. To use those, also b and r must be clamped. But even that would not be enough: the t must have clamped representation that is equivalent mod order, and only about half of possible values of t have such. r can be varied, but unfortunately there are pairs (b, c) such that no r is suitable. But fortunately it turns out that t = cb - r also works (since signs are lost in computation) and one of cb + r and cb - r always has r that gives suitable t.
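The membership test tG in { cB + R, cB - R } described in this issue can be done from u-coordinates alone using the classical Montgomery-curve identities for u(P+Q)*u(P-Q) and u(P+Q)+u(P-Q), so the verifier never needs the sign it cannot recover. The block below is an added example, not code from the draft or the issue author, and uses its own unclamped-integer ladder rather than a stock X25519 implementation, so the clamping complication raised in the edit above is deliberately sidestepped; the symbols G, B = bG, R = rG, c and t are those of the issue, and the sample scalars are constructed.

```python
# Added example (not code from the draft or the issue author): x-only
# proof-of-possession check for X25519. The verifier tests u(tG) against
# {u(cB + R), u(cB - R)} without ever recovering the sign of any point.
P = 2**255 - 19                                      # field prime
A = 486662                                           # Montgomery coefficient
L = 2**252 + 27742317777372353535851937790883648493  # order of the base point
G_U = 9                                              # u-coordinate of the base point

def ladder(k: int, u: int) -> int:
    """Montgomery ladder (RFC 7748, section 5): returns u(k*Q) given u(Q).
    Takes the raw integer scalar: no internal clamping (see the issue's edit)."""
    x1, x2, z2, x3, z3, swap = u, 1, 0, u, 1, 0
    for t in range(254, -1, -1):
        kt = (k >> t) & 1
        swap ^= kt
        if swap:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = kt
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        da, cb = d * a % P, c * b % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + 121665 * e) % P
    if swap:
        x2, z2 = x3, z3
    return x2 * pow(z2, P - 2, P) % P

def u_in_sum_or_diff(u_t: int, u_p: int, u_q: int) -> bool:
    """True iff u_t in {u(P+Q), u(P-Q)}, computed from u(P), u(Q) alone.
    On a Montgomery curve the two candidates are the roots of X^2 - s*X + m:
      s = 2((u_p*u_q + 1)(u_p + u_q) + 2*A*u_p*u_q) / (u_p - u_q)^2
      m = (u_p*u_q - 1)^2 / (u_p - u_q)^2"""
    if u_p == u_q:                      # P = +-Q: degenerate, reject
        return False
    inv = pow((u_p - u_q) ** 2, P - 2, P)
    s = 2 * ((u_p * u_q + 1) * (u_p + u_q) + 2 * A * u_p * u_q) * inv % P
    m = (u_p * u_q - 1) ** 2 * inv % P
    return (u_t * u_t - s * u_t + m) % P == 0

def prove(b: int, r: int, c: int, minus: bool = False) -> int:
    """Prover (holder of b, B = bG, with commitment R = rG): t = c*b +- r mod L.
    Either sign verifies, which is what lets the prover pick the usable one."""
    return (c * b - r) % L if minus else (c * b + r) % L

def verify(u_b: int, u_r: int, c: int, t: int) -> bool:
    """Verifier: accept iff u(tG) is u(cB + R) or u(cB - R)."""
    return u_in_sum_or_diff(ladder(t, G_U), ladder(c, u_b), u_r)
```

Because the quadratic has exactly the two candidate u-coordinates as roots, a response t that does not satisfy t = c*b + r or t = c*b - r modulo the group order is rejected, and a mismatched challenge c is rejected as well.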
