You can decouple the encryption and decryption keys such that the private key would never be present in any Tesla system at any point in time[1]. And you can introduce a ratchet such that compromising the Tesla car at time t0 would not enable the attacker to decrypt any encrypted data at t[n < 0].
[1] Asymmetric crypto KEM + ephemeral symmetric key + encrypted block. eg. <https://libsodium.gitbook.io/doc/public-key_cryptography/sea...>