The only real way to make the relay not know what it's sending but not have everything encrypted is to make the operator unable to communicate preferences to the relay, which means relays in enclaves with attested runtime code meeting protocol spec, and if no proof-of-blind-enclave then not considered protocol compliant.