even better would be a solution that didn't require even proxy or direct government log in.

like if you could be issued an E-id that could perform a local signature/challenge-response that allowed the site to confirm an age bracket (like 12 or below,13-17,18-20, 21+), assert the entity that issued the id but not assert a stable identifier (not even pairwise) and not pass any data between other parties.

Obviously not foolproof, credentials can be stolen (same in your scenario) but the site doesn't need to care, they should be legally in the clear. Basically it would let you anonymously assert your age.