I use Termius. It can leverage the hardware-backed keystore in the secure element (StrongBox keymaster) to generate protected ECDSA keys that aren't managed by the app or the OS.
I wish StrongBox could support ed25519 keys but that's not the case at the moment.
I'm not aware of any FOSS alternative to Termius that does the same.