I’ll just comment with a simpler and, in my opinion, superior solution:
Use Ente Auth. It should tick everyone’s boxes unless you have peculiar needs.
Edit: I just read the rest of your post.
I mean, if your threat model is that high - then do what you need to do to ensure the privacy and security you want. But really, Ente is great and works well. I don’t think you should be concerned about whatever it is keeping you from using Ente Auth.