How do we audit a hardware wallet?  Meaning, how do we know the hardware wasn't compromised in transit, and the wallet gives up private keys when connected to the internet?

We can audit open source code.  We can check the signatures of open source code to validate it has not been tampered with.  But how do we do the same for hardware wallets?