Sadly, many BLE keyboards on the market today are still not using the LE Secure Connections feature during pairing. The LE legacy pairing algorithm does not use Elliptic Curve Diffie-Hellman Key Exchange, and is easily susceptible to having the encryption cracked via passive eavesdropping.
I don't know of any because I haven't tested too many, but LE Secure Connections has been around since the Bluetooth 4.2 spec, which was adopted in 2014. The feature is supported by most single-mode BLE chipsets / stacks that have been released since then. I'd be surprised if there were none that supported it, though I don't know for sure.