At the end of the day it is a matter of preference and convenience. Is it safer to separate them? Absolutely. Is it as convenient as keeping them in one place? Absolutely not.
So, pick your poison. Personally I have my MFA tokens in three separate locations, two self hosted server applications and in a mobile app (2FAS Auth). More for fallback/backup reasons. Having them in my password manager is just too convenient.
Well, there is in the EU, but that does not help anyone not here.
An unlocked boot loader is something that would have to be forced from Apple’s hands like sideloading was in the EU. No way in hell they would pursue that on their own.
Rapairability is a point that bugs me as well, hoping for right to repair laws in the EU to force all manufacturers to make the devices better in that regard.
In regards to stock systems, I agree.
Been stuck in the convenient ecosystem for a while, and I cope by telling myself Apple makes the bulk of its money with hardware and services. Not ads like Google. But if I would start over from zero, I think Graphene OS and Linux would be the way. But migrating the whole family away from our current Apple line up - I dread that challenge.
Do you have requirements for the WiFi Standard?
Do you want to build up a new system or adding to your current setup?
For the price point you could look into the AVM Fritz Ecosystem. Their Mesh solution is quite hassle free and for 200€ you could get WiFi 5 capable devices on the used market.
Not sure how well they work with other brands, so you might want to invest in a FritzBox and FritzRepeater (should be in the budget used).
Anything above WiFi 5 could be out of your price range, especially new.
Ubiquity APs with WiFi 5 could be in your budget, even new. Look into the AP HD. You will need a controller installation though, weither on your desktop or on a NAS, Server. You do NOT need to buy an appliance from them for management. They do not make it clear on their website.