Can somebody take the transaction tx0 I signed and publish it in order to spend the new coins with the old transaction?
No.
Firstly, the transaction inputs are already known to have been used. Any node examining the block will know that the rerun transaction has invalid inputs.
Secondly I expect (but haven't checked) the inputs to the signature include both addresses. This prevents the signature being misused in the way you suggest. (See Murch's clarification in comment below)
It may help (if not you, some other readers) to remember that bitcoins don't exist outside or inside the blockchain. The only thing that exists are transaction inputs and outputs. You can't use a signed transaction with inputs A,B and C to use inputs D and E. The signature prevents you altering the signed contents without invalidating the signature.
how is it that address reuse is not directly forbidden? if not, can you detail why?
Addresses can be reused. The most obvious problem is one of privacy. If you give someone an address so they can buy $0.01 of tent-pegs from you, they can then see on the blockchain that you also received $300,000,000 recently to that address and go buy a big hammer and come to visit you at 3 a.m.
Small note: privacy is not the only concern, though perhaps it is the most pertinent. Having multiple signatures from the same privkey could potentially weaken the security assumptions of asymmetric key cryptography— though no current attacks are currently known, it is not impossible that one will be discovered in the future. This is a small worry that could be fixed if needed, but worth mentioning. – chytrik – 2018-07-17T22:29:58.280
Do note that there is a small edge case, where if a transaction is signed with
SIGHASH_SINGLE, but the vin given is outside the bounds of the transaction, that signature is valid for any transaction output to that address, past, present, or future! – Raghav Sood – 2018-08-02T11:09:56.737It may help to clarify that the utxo is identified uniquely via the outpoint. Strictly speaking the signature doesn't commit to the address of the input, but only fulfills the corresponding output script the funds were locked to. In the case of P2PKH this happens to reference the address to identify the intended spender. ;) – Murch – 2018-08-02T17:21:30.343