I wouldn't say that I fully understand the mathematics behind input registration, but, as far as I understand, using homomorphic Pedersen commitments adds an additional layer of protection against a malicious CoinJoin coordinator trying to map inputs and outputs. Because hiding input amounts itself during input registration doesn't make those inputs invisible; amounts are anyway revealed once the transaction is constructed and broadcast to the network. Moreover, as you have pointed out and zkSNACKs CEO Max Hillebrand confirmed in this interview:
technically how this is gonna work is that during input registration or at the end of input registration, an API request is made to the chain surveillance firm, and then you see which inputs are not allowed or blacklisted, and these then get a response from the coordinator with, Sorry, we could not allow your coin to be registered because of these reasons.
Inputs are being handed over to a chain surveillance firm even before the input registration phase, so both chain analysis and a coordinator will know which inputs are willing to partake in a CoinJoin transaction. In other words, users' identity is compromised beforehand, and other anonymization techniques used during actual CoinJoin don't make much sense.
"Mixing directly to a hardware wallet" is not what I meant. But it's good to know that such an option exist.