Everything in this space is so muddled. Deleting the last app from a vendor should erase that data. On the other hand, if you restore your phone from another device, that should never require relogging into anything.
Yeah, last I checked, encrypted itunes backups would keep the "this device only" keychain data. Which would only work when restored to the same device - it needs the UID key from the secure enclave to decode. (I wrote code a few years ago to decrypt the rest of the keychain.)
At one point, google authenticator started marking its entries as "this device only". I don't know if they've backed off on that since then.
After some iOS release though, every app started doing "new phone, who dis" regardless of the restoration strategy, so I stopped wasting my time.