I'm not so sure the Spectre class of vulnerabilities are nation-state-level vulnerabilities though. I think it's the x86 world (at a minimum) pushing the limits on performance with a terrible price. Stuff like IME and TrustZone looks more like state-level-actor stuff to me.
I don't think any of those things really are. Nation-state is stuff like Stuxnet that's specifically tailored for a very particular purpose. The government doesn't need hardware backdoors when they can strong arm any companies into releasing data that they have.
If they can't do that, they still don't need to exploit hardware when there're vastly more exploitable humans that will let them in. The DNC hack from the last election wasn't a result of any special hardware flaw, but due to a simple spearfishing attack.
Sure, spectre is a new class that was discovered recently;
I recall that when these were first announced, someone posted a research paper that suggested the possibility of exactly that kind of exploit. I think that it's just really difficult to understand how to exploit the vulnerability and probably only something that a very small number of people might be knowledgeable enough to know to look for or even suspect would be there.
It's definitely not the kind of thing a government would do since their own computers would be vulnerable to someone else finding it. Sure they could hypothetically patch it on their own systems and not tell anyone else, but tell me with a straight face that the government can pull that off while being so terribly inept in all kinds of other ways.