You are basically describing NIP-46, but the private key never leave the provider, it is just used to sign the events. A particular implementation is https://nsec.app where the provider is actually the user's browser, so it's completely custodial.