They actually already do in the EUDI wallet reference implementation. There, as this is part of a more general ID system, they probably want to avoid that people duplicate or export IDs. In case of a privacy preserving age check, the fear could be that a copied private key could be enough to generate unlimited age proofs, indistinguishable from the original app instance. In another thread someone gave an even lazier argument: the eudi wallet requires hw backed keys by law regardless, and the laziest implementation would be device attestation...