If you're modding, replacing it with a 1k-10k resistor should work just fine. Realistically speaking, simply gouging the LED out with a knife should also work. Those sorts of circuits rarely need a real circuit for LEDs coming out of a constant current controller.
Switch to a constant time crypto algorithm / implementation, like ed25519 instead of RSA.
I'm not sure if ed25519 is constant-power on every architecture and implementation.
https://eprint.iacr.org/2017/985.pdf is an example of power analysis relying on ed25519's deterministic behavior.
The cost should be zero. Just turn the LED off during crypto operations. No extra part needed, just connect the led to the MCU instead of actually connecting to power.
Of course, there could still be some LED attack not connected to actually doing crypto operations, but this should mitigate the known attack.
A roll of electrical tape also seems like a reasonable mitigation in the field for the truly paranoid.