But I guess if you are like me, and are getting to that level of paranoia, then the best option is probably going to be to ignore hardware wallets altogether and use an airgapped computer instead.
I look at it more as OP-Sec then paranoia. Going with the assumption (yeah I know assumption) that a trusted user here is a low risk source for supply chain attacks then it is IMO somewhat easy to be invisible.
Disposable email -> new account -> contact shipper-> give info -> send BTC -> wait for delivery.
It could be you contacting the shipper, it could be theymos, it could be anyone, does not matter they would just need a name and address to ship to.
Taking about edge cases here, but still interesting to throw ideas around.
-Dave