All true, but what harm can come from it on an 100% airgapped computer that has never been online and has had the hardware to get back online removed?
Because there is no computer system in the world which is 100% safe from attack or bugs or vulnerability, and every additional piece of software present is a potential attack surface. If someone gains physical access to my airgapped Linux computer which is encrypted at rest, then I'm fairly confident they would find it impossible to extract any meaningful data from it. If someone gained access to an airgapped computer with Windows 10 on it, then I have no idea what kind of bugs and vulnerabilities they could exploit. Even just looking at Cortana, there have been a number of serious vulnerabilities (such as
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2018-8140) which would allow an attacker to extract information or plant malware.
Or perhaps vulnerabilities in Windows print spooling software:
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-34527Or perhaps in Windows media player:
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-34439Or perhaps in Windows DVD codecs:
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-1668The list is endless. Every piece of unnecessary software and bloatware is a new risk. If I'm going to the effort of physically removing hardware to create an airgapped device and installing a clean OS, then why would I not pick the OS which is more secure and has fewer vulnerabilities? It's a no brainer.
I had the same argument a while back regarding a hardware wallet which came with Tetris installed on it. Fun, maybe, but a completely unnecessary piece of code and therefore a completely unnecessary security risk.