Anything's possible if the vendor secretly collaborates with a government to insert vulnerabilities and lies about it. But what we're talking about here is, given the way Apple has publicly declared how the system works[1], what can a government do with full server access.
Apple states "All of the user’s registered devices display an alert message when a new device, phone number, or email address is added." So no, it's not correct to say key management is out of your visibility.
Apple states "All of the user’s registered devices display an alert message when a new device, phone number, or email address is added." So no, it's not correct to say key management is out of your visibility.
[1] https://www.apple.com/business/site/docs/iOS_Security_Guide....