Passkey privacy issues

It is very likely that this is what’s happening:
“This is not an iCloud backup. It’s “Apple ID account and device information”. Keep in mind that Apple is playing a dual role in this case, and you appear to be conflating the two. Of course Apple runs iCloud Keychain, which syncs client data including the private keys. But that’s supposed to be all end-to-end encrypted, including the metadata… But this is not any old passkey: it’s a passkey for apple.com. Apple is also playing the role of server to which the client authenticates. That’s entirely separate from iCloud Keychain client data.”

Apple is very clear on the metadata that is not E2EE, see this.

“You would think that in its role as server, Apple would have only the same client information as any other passkey server, e.g., Github.” That’s valid, but your Apple ID is already associated with your device, so I don’t honestly see how it’s a problem for its passkey to be associated with it too.

Passwords and passkeys are E2EE even with standard data protection, and ADP doesn’t affect Apple ID info afaik, so I don’t think it will change anything.
