A login or logout hook could do this pretty easily.
Check out bombich.com for information about login/out hooks.
Basically the login hook mechanism puts the username into $1.
In pseudo code, the code to add to the login hook would go:
If "$1" equals studentusername
then rm -r /Users/studentusername/.Trash/*
End If
The system runs login hooks with root privs, so there should not be any access problem for the directory.
Admin privs (sudo) are required to add or remove login/out hooks. The script should be rwx for root only and stored in a directory with, at best, only root access.
A login or logout hook is really just a preference setting that points to a script to run (if I recall correctly). Well, that and some code some where responsible for passing the username to the script.
It should be said that the root account does not have to be enabled at all to create and use this hook functionality.
It can be a pretty powerful tool, and as with all powerful tools, test, test, test, then implement.