Not familiar with Zcash specifically, but it should work the same as Bitcoin. You cannot initiate a transaction without the (password protected) private key of the wallet containing BTC. If the victim of civil forfeiture refuses to provide the password and private key there is nothing that can be done to acquire the money. This is good because it changes the game from the "government takes your money and you have to sue to get it back" to "government has to prosecute to get your money in the first place".
It doesn't prevent some vague yet menacing government agent from breaking your kneecaps in order to get the password, but no security system has been able to plug that hole yet.
So there's an idea: a wallet format that lets you decrypt with any of one or more passphrases, with each passphrase giving a different set of addresses.
This is already in wide use by Trezor users. A user can have an arbitrary number of decoy wallets unlocked by the same root private key, but different passphrases.
It doesn't prevent some vague yet menacing government agent from breaking your kneecaps in order to get the password, but no security system has been able to plug that hole yet.