My point is how can I use my Bitcoin Core 0.23 on an offline rPi as a signing device and my Bitcoin Core 0.25 on my laptop such that any of the two can be compromised or both by competing parties without my funds being at risk?

The anti-klepto issue is not a hardware wallet issue. It's a PSBT issue, too. If I export a PSBT on Sparrow and get back the signature, I don't know if a coldcard signed it or a bitcoin core. Both can be compromised so both should use anti-klepto as only then the Sparrow instance could protect me from the signing device.