To the best of my knowledge to get a full DNSSEC stack you'd need registrar-level keys to sign the root, so that might not even be an option.
That is correct. Your registrar and your DNS provider must be able to exchange the hash, I suppose very roughly like a TLS handshake (or probably more like a DKIM verification actually).
So if you can't set the hash, specify the hash schema and algorithm etc at the registrar, there's no point in doing anything at the DNS level. In fact, I think that might just serve to make your site inaccessible, because the hash check would fail and security conscious browsers would block the site.