Avoid any with ATECC chips. Trezor Safe checks most of my boxes, including being able to use easily with another app.

Or you can use a SeedSigner depending on what you are doing and you would like to include stateless signing devices and not just HWWs.