by Nursie 1680 days ago
Because we don't generally use asymmetric keys for much data encryption. The operations are (IIRC) comparatively computationally expensive.

For that reason, the usual trick is to use asymmetric encryption to protect a symmetric key (a fresh one per payload) that is then used for the actual payload. That way you get the speed of symmetric encryption with the benefits of asymmetric ones. (Though evidently that's not what the PS5 uses here, otherwise it would be useless to read out one symmetric key).
As your sibling post technically notes, asymmetric vs symmetric is a wash, here. To use asymmetric encryption for saves, the PS5 would need to know the public and private keys, so you would be able to extract those and still have the same access.

Of course, there are still advantages to having the symmetric key not be used as is, but there are many solutions other than asymmetric encryption.

And to add to that: you should use as many different symmetric keys as possible as long as asymmetric decryption of the key doesn't overly degrade performance.
First of all, we are talking about on-device decryption, so there is no difference in terms of security whether people extract a symmetric secret key or an asymmetric secret key.

Secondly, yes, asymmetric encryption is slower, so you almost always use a hybrid scheme: an asymmetric scheme (ElGamal, for instance) for encrypting the symmetric key, and then a symmetric scheme (e.g. AES) for the bulk of the data.

Only in very exotic protocols such as DigiCash blind signatures or anonymous credentials with "algebraic MACs" do you want your actual content encrypted directly via ElGamal or RSA, so that you can do some operations or proofs about the ciphertext — in those cases you can't encrypt symmetrically as that would erase all the algebraic relations.

> First of all, we are talking about on-device decryption, so there is no difference in terms of security whether people extract a symmetric secret key or an asymmetric secret key.

Sure, but we might (potentially) be interested in the encryption part later on too, and having a symmetric key will make that easier (though of course it won't get you past any signature checks).

I've never come across those more exotic protocols, but I'm familiar with symmetric kex under public/private encryption.
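
The hybrid scheme and the algebraic property discussed in this thread, as an added example that is not part of any commenter's post: textbook ElGamal wraps a fresh per-payload symmetric key, and multiplying two direct ElGamal ciphertexts yields the product of the plaintexts. The group parameters `P` and `G` are assumptions chosen for illustration (far too small for real use), and a SHAKE-256 keystream stands in for AES.

```python
import hashlib
import secrets

# Toy group parameters (assumed for illustration; not secure sizes).
P = 2**127 - 1   # a Mersenne prime
G = 3

def keygen():
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def eg_encrypt(pub, m):
    """Textbook ElGamal: (g^k, m * pub^k) for m in 1..P-1."""
    k = secrets.randbelow(P - 2) + 1
    return pow(G, k, P), (m * pow(pub, k, P)) % P

def eg_decrypt(priv, ct):
    c1, c2 = ct
    shared = pow(c1, priv, P)
    return (c2 * pow(shared, P - 2, P)) % P   # multiply by shared^-1 (Fermat)

def eg_multiply(ct_a, ct_b):
    """Component-wise product; decrypts to the product of the two plaintexts."""
    return (ct_a[0] * ct_b[0]) % P, (ct_a[1] * ct_b[1]) % P

def keystream_xor(key, data):
    """Stand-in symmetric cipher: XOR with a SHAKE-256 keystream (no integrity)."""
    stream = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def hybrid_encrypt(pub, payload):
    """Fresh symmetric key per payload, wrapped under the public key."""
    sym = secrets.randbelow(P - 1) + 1
    return eg_encrypt(pub, sym), keystream_xor(sym.to_bytes(16, "big"), payload)

def hybrid_decrypt(priv, wrapped, body):
    sym = eg_decrypt(priv, wrapped)
    return keystream_xor(sym.to_bytes(16, "big"), body)

def demo():
    priv, pub = keygen()
    # Direct ElGamal keeps the algebraic relation between ciphertexts.
    product = eg_decrypt(priv, eg_multiply(eg_encrypt(pub, 6), eg_encrypt(pub, 7)))
    # Hybrid: the body is keystream-XORed bytes, so no such relation survives.
    wrapped, body = hybrid_encrypt(pub, b"constructed save data")
    return product, hybrid_decrypt(priv, wrapped, body)

if __name__ == "__main__":
    print(demo())
```

Whoever holds `priv` on the device can recover every wrapped key, which is the point made above about on-device decryption.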