Hacker News

PunchyHamster yesterday at 1:41 PM

well if you have encrypted storage and already need password to get to it, secondary password is of little value

Tho I prefer to just use hardware key for ssh


Replies

craftkiller yesterday at 2:13 PM

> well if you have encrypted storage and already need password to get to it, secondary password is of little value

That's only true when your machine is powered off. If an attacker manages to yank files from your disk while it is running, that ssh-key password is the difference between "they stole my ssh key" and "they stole worthless random data".

> use hardware key for ssh

That's the real solution. I don't understand why people still store ssh keys on disk when hardware keys are simple, easy, and significantly more secure.

fastasucan yesterday at 5:04 PM

> well if you have encrypted storage and already need password to get to it, secondary password is of little value

This is not true at all though. What about when you are logged into your computer?

rzzzt yesterday at 2:05 PM

ssh-agent will also be happy to provide the key to git after an initial unlock with the passphrase.