I think the disconnect between you and GitHub support is that you're positioning this as a problem of proving your identity whereas for GitHub support it is a policy. The GitHub policy is: you lose your 2FA, you lose your account. Verifying your identity is not relevant. GitHub provides extensive tooling to protect your account (multiple methods of 2FA, recovery codes etc.) and so from their perspective, while this is deeply unfortunate, the policy is very clear and allowing you access to the account would be a major security issue (not for your account specifically, but for GitHub as an organization).

edit: https://docs.github.com/en/site-policy/other-site-policies/g...

These (for good reason) draconian policies are the reason I am still hesitant to embrace 2FA. I understand the significant improvement in your security posture, and I would not want someone not-me to be able to reset my credentials. But the failure mode is just too catastrophic. You lose one thing and you are shit out of luck.

We need something better. I don't know what it would be.

Part of the problem here is that there is no prior association of an identity with an account. So proving who you are is somewhat irrelevant since even if the account has your name, email, and photo, that's no guarantee that the account was created by you. If identity verification were required ahead of time, then perhaps verifying identity after loss of access could be reasonable recovery method. But of course there are many reasons why requiring such verification is problematic.

Someone high enough in the food chain at GitHub can override that policy at their whim. I have personally had my day saved by that very "loophole" in another "lost access to an online service" situation in the past.

I'd assume that there is simply no "ok, this individual got released from prison and can proof everything" policy in place, and that might be the real issue here. Big organizations begin to tumble once you request something where there are no policies in place.