Yeah, github is currently the big cheese. But other forges are still out there and are being used. And since git is an open format, the infrastructure is (a bit) more resilient towards enshittyfication.
It's a battle they are going to lose in the long run. When you write closed sourge code, you make a bet that you're better than all available FOSS developers in the field.
Didn't Excel make a big fuss about python integration when Libreoofice has had that for years?
The dolphinbar has that feature and you should note, that the wiimote sensor has quite a low resolution (I'm guessing 640x480). That was fine for an SD console. For 1080p/4K mouse control: not so much.
That's the first step of escalation. If they don't comply, you can threaten them with/kindly remind them of the italian data protection laws (you'd have to research those on your own). If they won't comply then, you can issue a GDPR request. According to the GDPR, you can always demand your info being deleted. no matter, what you signed beforehand. If that fails: talk to the press and/or get a lawyer.
Then you can file a GDPR claim. That's the last step on the escalation procedure, though. Start with nicely asking the school and if they don't gomply: increase the (legal) pressure.
You misunderstood one thing, though: I don't consider someone forcing me to give up my password to be a valid attack vector. My devices can be stolen and all hardware keys with them. But I woun't get blackmailed to give anything up. Maybe plausible deniability is a good backup, though.
I'd like to go into further detail, but I feel like I already said too much for a non-throwaway account.
I do realize that convenience and security are a two ends of a see-saw. Thank you for the Vera.crypt hint. Even though I don't know if I would use it, it sure sounds interesting.
Without knowing anything at all about the subject, except for where potatoes come from: Can we even be sure that native Americans didn't do them first?
Not if you need any work done.