
Normally the secret key stuff is protected by a passphrase for a PGP verified email. So the entity owning the laptop would have to wait for the department to make a request first (rare) to keylog the passphrase and would only get to make one bogus request before revocation of the identity.

DKIM and SPF only prove that an email passed through a particular email server. The whole point of doing the verification end to end is that the stuff in between does not have to be secure.



Yes, if you're assuming that police departments can keep a rarely-used passphrase secure and not written down in online documentation anywhere, while also being accessible in emergencies, then that system might work. (But then you also have to remember to rotate the passphrase when anybody in the entire department leaves or gets fired).


Access to the passphrase would not by itself provide access to anything. The malicious person leaving would also have to take along a copy of the encrypted private key.

In practice you would just register 2 or more keys left in the care of 2 or more people. Each person would be individually responsible, as it should be. When someone left you would revoke the key. You would not have to go super hard on this, most of the requests would be routine and not time sensitive. In an emergency you do the best you can with what you have available.
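The multi-key arrangement described in the comment above, as an added Go sketch that is not part of the thread: each department registers several individually held keys, a request is accepted only if an unrevoked key signed it, and revoking one holder leaves the others working. Ed25519 from Go's standard library stands in for PGP signatures here; the `Registry` type, its methods, and the department and holder names are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// Registry maps a department to the individually held keys registered for it.
// Hypothetical structure; Ed25519 is a stand-in for the PGP keys in the thread.
type Registry struct {
	keys    map[string]map[string]ed25519.PublicKey // dept -> holder -> key
	revoked map[string]bool                         // "dept/holder" -> revoked
}

func NewRegistry() *Registry {
	return &Registry{keys: map[string]map[string]ed25519.PublicKey{}, revoked: map[string]bool{}}
}

func (r *Registry) Register(dept, holder string, pub ed25519.PublicKey) {
	if r.keys[dept] == nil {
		r.keys[dept] = map[string]ed25519.PublicKey{}
	}
	r.keys[dept][holder] = pub
}

func (r *Registry) Revoke(dept, holder string) { r.revoked[dept+"/"+holder] = true }

// Verify returns the holder whose unrevoked key signed msg, so every
// accepted request is attributable to one person.
func (r *Registry) Verify(dept string, msg, sig []byte) (string, bool) {
	for holder, pub := range r.keys[dept] {
		if !r.revoked[dept+"/"+holder] && ed25519.Verify(pub, msg, sig) {
			return holder, true
		}
	}
	return "", false
}

func main() {
	reg := NewRegistry()
	pubA, privA, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	pubB, privB, _ := ed25519.GenerateKey(nil)
	reg.Register("example-pd", "officer-a", pubA) // constructed names
	reg.Register("example-pd", "officer-b", pubB)
	msg := []byte("constructed sample request")
	fmt.Println(reg.Verify("example-pd", msg, ed25519.Sign(privA, msg)))
	reg.Revoke("example-pd", "officer-a") // officer-a leaves the department
	fmt.Println(reg.Verify("example-pd", msg, ed25519.Sign(privA, msg)))
	fmt.Println(reg.Verify("example-pd", msg, ed25519.Sign(privB, msg)))
}
```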



