I’m wondering if it isn’t better to just whitelist cookies for the sites I need to log into and not bother with a password manager extension (keepasxc or bitwarden). I try to keep the number of extensions in my browser to a minimum to lower the attack surface. And why involve one more entity in the password story? Are there any problems with using the (1st party) cookies of sites I have signed up to and use to keep me signed in?
You really don’t need to be that paranoid for personal stuff. Use a cookie manager extension like NoCookie, NoScript, uBlock Origin, and isolate with Firefox Containers.
The idea of an “attack surface” from extensions is valid enough, but you can improve your overall security posture with more good extensions thanv trying to manually maintain everything yourself.