It's great that recovery codes exist, but the security model can't rely on them. Unused email accounts get deleted, yubikeys get lost or reset, relatives lose documents, passports get renewed, house fires and car accidents happen, time passes, etc.
Any critical procedure needs to be exercised regularly to ensure it's still working. Normal people don't do that with recovery codes.
All of these things can be mitigated by a little care and attention by yourself.
What you are really saying is you want a way to be able to recover your account thats easy, quick, and you dont need to think about it. Unfortunately strong security will never be any of those things.
Any concept of "strong security" that doesn't consider losing access to be a security issue is, at best, amateur.
If a state actor can't access your email, but you also can't access your email (and receive notices of login attempts, password reset attempts, server intrusions, etc.), then you absolutely do not have a good security posture.
It doesn't matter how you want to describe it, keeping recovery keys available is an ongoing maintenance burden that most people aren't going to do perfectly. It's not appropriate to blame users for reasonably foreseeable problems with a fragile system and lock them out of their bank passwords.
Any critical procedure needs to be exercised regularly to ensure it's still working. Normal people don't do that with recovery codes.