I think not supporting an AES primitive is a mistake. One day AES is likely to be replaced, but that’s certainly many years away, and unless there’s a massive and complete break, it will be even longer before people actually stop using it (how many people still use SHA1? MD5?).
If it (or perhaps a generic crypto instruction with a parameter for algorithm) is in the machine independent instruction set, it can be emulated when it reaches the point of being removed from silicon. When we reach this point, the emulation will only need to be correct, not super hand optimized for every cycle, so the cost required to maintain the specialiser on a new family member would presumably be very low / none.