I think the simplest way inject custom code into the HTML files without modifying them, is to add an additional layer of processing. It will slightly (probably unnoticeable) slow down each request, but it will certainly be less effort on your part.

Assuming you are using Apache, create an .htaccess file with a rewrite rule similar to the following (untested).

RewriteEngine On
RewriteRule \.html$ /injector.php

This will cause every request for an html file to be passed to injector.php

Inside this file, you can see the page that was originally requested using $_SERVER['REQUEST_URI']. Fetch this file from disk using a DOMDocument and locate the area you want to inject into using the built in methods (If you want to put a <script> in the <head> you probably only need getElementById). Inject your code, and spit out the modified document.

FYI, it is perfectly allowed by the law to use cookies that are necessary for operation, this includes things like PHP session ids, and, a cookie to store any preferences related to cookie use. I repeat, it is fine to use a cookie to store the preference that a user does not want to use cookies.

In your injector.php you can detect the presence of such preference cookies, and based on that decide not to inject your javascript if you so desire.