You’re right, and that’s why HSTS preload-list has been started: to avoid that very first request in the first place.
But HSTS can be tricky to put in place (I love the feature, but don’t make any mistake, otherwise it could be a nice way to shoot yourself in the foot if for some reason some part of the site still needs plain HTTP). I believe the focus on that very first request hijack can be greatly mitigated by using safer DNS. E.g., as a user, I feel more confident using DNSSEC and visiting HTTPS websites without HSTS, rather than visiting a few websites with old plain DNS which could be spoofed (in the same scenario of a MITM being able to act).
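As an added example (not part of this thread), a small Python check that parses a `Strict-Transport-Security` header, reports what would keep it off the preload list, and lists which hosts that still serve only plain HTTP the policy would break; the domain and hostnames are constructed.

```python
# Preload-list submission requires max-age of at least one year,
# includeSubDomains, and the preload token (hstspreload.org).
PRELOAD_MIN_MAX_AGE = 31536000


def parse_hsts(header):
    """Parse a Strict-Transport-Security value into {directive: value}.

    Directive names are case-insensitive and must not repeat (RFC 6797);
    max-age is mandatory and must be a non-negative integer.
    """
    directives = {}
    for part in header.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, value = part.partition("=")
        name = name.strip().lower()
        value = value.strip().strip('"')
        if name in directives:
            raise ValueError(f"duplicate directive: {name}")
        directives[name] = value
    if not directives.get("max-age", "").isdigit():
        raise ValueError("max-age is required and must be a non-negative integer")
    return directives


def preload_readiness(header):
    """Return the list of problems blocking preload submission (empty = ready)."""
    problems = []
    d = parse_hsts(header)
    max_age = int(d["max-age"])
    if max_age < PRELOAD_MIN_MAX_AGE:
        problems.append(f"max-age {max_age} is below the one-year minimum")
    if "includesubdomains" not in d:
        problems.append("includeSubDomains is required")
    if "preload" not in d:
        problems.append("preload token is required")
    return problems


def hosts_broken_by_policy(domain, directives, plain_http_hosts):
    """Hosts from plain_http_hosts that a policy set on `domain` forces to HTTPS.

    With includeSubDomains every subdomain is covered too, so any host that
    still needs plain HTTP becomes unreachable once the policy is cached.
    """
    include_subs = "includesubdomains" in directives
    domain = domain.lower()
    return [h.lower() for h in plain_http_hosts
            if h.lower() == domain
            or (include_subs and h.lower().endswith("." + domain))]
```

Run `hosts_broken_by_policy` against your inventory before adding `includeSubDomains` or submitting to the preload list, since a preloaded entry cannot be undone quickly.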