1) 'they just want to make money' - of course, that's what companies do. They have to pay their employees, their researchers and pay for security audits, for the whole infrastructure and much more. They need to make a profit to survive.
There's a big difference between selling devices to make money and selling out their principles of being in control of your own keys and coins.
That's true, indeed.
2) 'if they add feature X, I need a new wallet' / FOSS solutions keep working the same for years to come - Obviously, you can choose not to update if you don't like a feature. Further, many criticized features are only in the software suite on the host. Good wallets should support usage with Electrum or Sparrow, so by just not using the wallet's 'original' software, you completely avoid the issue.
Choosing not to update leaves you open to security vulnerabilities, and often you have to use the manufacturer's software to update, so there is no avoiding it. And there are plenty of features I can think of being pushed to hardware wallet firmware which I absolutely wouldn't want on my hardware wallet, such as support for various useless altcoins, games, ability to take screenshots, etc.
I guess then we have to make sure, when buying new hardware wallets, that both the firmware and the software used for updating are open source, easy to read and modify. For instance, there could be a community-made script that fetches the latest Foundation Passport source, removes the games and compiles it.
Of course, pressure on the manufacturers also helps. For example, Shift Crypto offers a 'Bitcoin only' firmware that I believe can also be flashed to the 'Multi' edition (irreversibly).