No. Because then it wouldn't be a wallet/signing device. The private key is needed for core functions like transactions after all. The best you can do currently is hardware security that prevents extraction capabilities of that information which Coldcard and another certain specific controversial wallet by secure elements.

Trezor doesn't do it because secure elements arent open hardware and there isn't a production one available. Trezor has a lot of hardware vulnerabilities, such as being able to brute force the PIN without any protective measure or rate limit.

Blockstream Jade doesn't either but uses an Oracle functionality or SeedQR to use the private key without actually storing/knowing it. That doesn't fix the issue, only circumvents it by making another device or object be part of trusting that instead.

Obviously as you mentioned they need access, how else can they sign transactions? I think what people need to realise is that the more open source it is the better. Makes life a lot more hard for malicious code to be spread networkwide, there's a lot of people scanning that code to be sure it's legit all the time. Any malicious stuff, I'm hoping at least, that it'd get flagged up pretty sharpish.