And that's even assuming one cares about the secure enclave. I am not convinced that any phones exist that one can not unlock the enclave via JTAG debugging.

For most devices, if you have that kind of physical access, and enough technical resources, all bets are off. Most people's threat model doesn't include three-letter-agencies reading their secure enclave. If yours does, you're probably better off not carrying a phone at all.