Talking as a admin at a registrar, Yes, Indeed Yes, you should be able to disable DNSSEC regardless.

DNSSEC signed is basically just that the TLD servers has a DS record listed for the domain. In order to remove dnssec you remove the DS record. This can be easy or hard depending on the interface that the TLD, but in theory very simple.

The reason why its recommended to remove dnssec before transfer is to allow caches to timeout with the old DS record to expire. Some TLD also automatically remove DS when you do a transfer and a name server change, as it is a rather clear signal that the old key won't be useful. There is however some exciting new technology called multi-signer which is intended to resolve this problem in the future.

Disabling DNSSEC doesn't propagate instantly. Have you queried the CF nameservers for the domain directly? In my experience everything involving DNSSEC requires a 24h wait (unless the domain hasn't been queried from anywhere - but that's usually not the case, something might have triggered distributed DNS lookups e.g. LE doing DNS validation for cert issuance etc).

There is, but it requires cooperation between everyone and double signing between the old and new hosting service (for a short period of time). That rarely works out in the real world.

There are some tools being worked on: https://github.com/DNSSEC-Provisioning/Multi-signer

It shouldn't be a problem, at least i never had one, if you don't change the authoritative DNS servers.