Installing certificates on a shared IP address is supported as of cPanel version 11.38 if the server supports SNI (CentOS/RHEL 6+). You can't disable that functionality, but setting up a package without the SSL feature is the recommended approach if you want to prevent users from installing a certificate.
The problem with allowing this, is that it doesn't work properly. So you've added another "feature" that causes more of a problem than it solves.
Since this change, if someone visits any domain on the server's main IP that doesn't have an SSL certificate, the first website with an SSL certificate is displayed in the browser.
So you've only done half the job with this. If you allow cpanel users to install certificates on the main shared IP, you need to ensure at the very least, that sites using that IP which do not have certificates installed, are not replaced with the first site in the apache config that uses the same IP on port 443 when the https protocol is used to visit them.
If you can't do that, then you shouldn't have allowed this change to go through in the first place.
I think most people will agree that they would like to retain the ssl certificate facility in cpanel, with a tweak settings option to disallow the use of it when the account is using the main shared IP. It isn't appropriate to set up different packages, just to work around your poor implementation of this.
We want customers on the same packages to be able to install certificates if they have a dedicated IP. I don't think anyone would suggest it is a good idea to create a new package just for a user that wants an SSL certificate and this could not be easily automated.
The simple solution is to put it back the way it was before. Allow cpanel users to install certificates and have a toggle in tweak settings that allows us to disable the option for users that are using the main shared IP.
Currently what you have implemented is not workable and it is unreasonable to ask people to submit feature requests for things that are simply broken. Just fix it.