Maybe the answer is to put whatever the banks etc need on something like a smartwatch. Smartwatch + phone is better than two phones IMHO and they're so tedious to use/install anything on that it reduces the attack surface for hackers etc. Tap to pay or digital signatures or identity, passkeys etc via a smartwatch interaction seems like a good use case. Sort of a souped up yubikey. I don't know how good biometrics is on watches nowadays but my Pixel phone has some sort of camera behind the screen to read fingerprints so I can't imagine its impossible. Even adding a capacitive pad on a band seems plausible. Who knows, I don't feel like biometrics have been a real focus of design in the smartwatches I've used.
Personally, I have found smartwatches fairly useless (I do enjoy the activity tracking and notifications but that's not much really) so freeing my phone from bullshit by moving some functions to a watch could increase the value/utility of a some sort of smartwatch. Ultimately, it doesn't need to be that "smart" even.
Still, the problem is that if you go this way, you'd have to put almost all useful functionality of a modern phone on a smartwatch, at which point you could just ditch the phone.
It's not just one tiny use case that's pushing us down the road of increasingly locked down devices. It's most use cases - because no matter the service, it's more profitable for the provider to control what you can and cannot do.
I don't think that's actually true? That's like insisting all useful functionality would have to be moved to a smartcard/yubikey/bitcoin hardware wallet/TPM etc. The main reason this is an issue is to prevent emulated hardware tokens. If you can disable secure boot, you can emulate secure elements and then things that others (i.e. your bank, government, etc) believe are carefully controlled secrets are not.