Traffic Encryption inside a cluster?

Neat idea! 🙂

Many customers I have worked with want to selectively enable encryption via, e.g., Envoy (or Istio), and also enforce which Pods can communicate at all using Network Policies.

There’s also this guide for node-to-node WireGuard configuration for those who may be interested.

Since Pods come and go, perhaps an Operator could be useful here, to help set things up for inter-Pod communication.

Have you deployed this and seen that it works as intended?