Are there any use-case for those SSDs with hardware-based encryption? Is it a good idea to use one of those over software-based encryption?

Yes. Same use case as any removable drive, but encrypted. And the encryption is system-agnostic, so you don't need any special software on the system to mount it.

I don't trust any of those SSDs not to have backdoors, it's not even a hypothetical, we know that hardware encryption on SSDs have been broken in the past. In fact, I wouldn't even be surprised if the manufacturer is just storing all the keys they bake into the SSDs, why wouldn't they from a business perspective? At least with software encryption you can audit the code and the keys are actually generated randomly on a computer you own.

Also, if your SSD hardware fails, it could become impossible to decrypt any recovered data because the encryption keys are likely stored in the processor with no way of getting them out (and no manufacturer who is secretly storing the keys is going to blow their cover by helping you recover your data). With software encryption, you can back up your encryption keys and will be able to actually decrypt the raw data you read from the drive.

What about https://certification.oshwa.org/de000007.html then? Audits like https://www.nitrokey.com/news/2015/nitrokey-storage-got-great-results-3rd-party-security-audit have been done and you could run your own.

From going do the rabbit hole with recently learning freebsd. Is that every good brand nvme ssd has a default password for hardware encryption and you can use certain software to change the default encryption key. However basically everywhere i read online said that hardware based encryption is rarely/never implemented correctly. So an attacker still can most likey retrieve data from the ssd, so basically software encryption will always be more bulletproof. Because people can steal your ssd or clone it and all data on it is useless without a header and key. If using full disk encryption, So basically software based encryption will always be alot harder to break than hardware encryption.

Not sure of the pros, I only see cons...

With software encryption you get updates in case vulnerabilities are discovered and such. With hardware... I guess you might get them if you think to check for them? That sounds like a pain though. Also if the algorithm used suddenly becomes obsolete because of new discoveries, you're now left with a very expensive unsecure disk?

But I'm not very knowledgeable in encryption so I might be wrong.

SSDs can get firmware updates like anything else.
- Not if the vulnerability is in the hardware circuitry implementation.

Check Nitrokey Storage 2 but note that 16GB will cost you 100EUR and 64GB 200EUR which makes for an expensive USB stick. That means it is ONLY for things you want encrypted. It's not for your stuff you could download back from the Internet (obviously) but also not for your holiday pictures. It's for the very few things, like your SSH keys to access other machines, that truly matters. In such cases then IMHO then it's actually a lot of space.

That being said it's :

open source open hardware https://certification.oshwa.org/de000007.html
hardware based (Storage encryption: AES-256, CBC mode / Secure key storage: 3 key slots, RSA 2048-4096 bit, ECC 256-512 bit)
made in the EU (Germany)
supported by NLNet https://nlnet.nl/project/Nitrokey/

Details https://shop.nitrokey.com/shop/nitrokey-storage-2-56#attr=2

I was thinking more of like a Tamper-Resistant Boot Drive with a computer being Full Disk Encrypted, And I basically phisically carve my signature into the Hardware-Encrypted drive and always check to make sure its mine and that it hasn't been replaced, then I unlock it in Read-Only mode, then I plug into a computer to select the bootloader on the USB drive to turn on the computer.

Basically its a Evil-Maid-Resistant setup.

Of course, someone with actual NSA or FSB skills are gonna get in, but its just so the average script-kiddie can't just download some tampered bootloader online and easily replace the bootloader.

And also I can store like a Linux Distro and Windows installation media on there and know its its much more difficult to tamper with.

Does this work against the threat?
- the average script-kiddie can’t just download some tampered bootloader online and easily replace the bootloader.
  
  Can you provide me with an example of that threat with which setups are affected by that?

I have a related question: Isn't hardware-based encryption faster than software-based? Or is that just an assumption on my art?

The short answer is that: all other things being equal, it will always be faster and cheaper to do things dedicated in hardware. Comparing one implementation to another, however, is always going to be an "it depends"
- An example of this:
  
  Bitcoin mining started on cpus, then moved to gpus, and now exists on dedicated asics.
  
  A $200 GPU vs a $200 ASIC, the ASIC is going to be a faster sha256 calculator
  
  A $2000 GPU vs a $200 ASIC, the GPU is going to be a faster sha256 calculator
  
  A $200 GPU from today vs a $200 ASIC from 10 years ago vs a $200 CPU from today?... You get the idea.
  
  There's no way to know without specific details which will be faster. You could be running software encryption on a raspberry pi from 5 years ago or the drive could be running an encryption ASIC from 10 years ago, etc
Most software has hardware acceleration. AES has been in Intel processors for over a decade, for example.
Probably not by much, since CPUs have had hardware acceleration for AES encryption for a long time now.

I always prefer software over hardware for encryption, RAID, etc.. Because it's portable and not tied to a specific piece of hardware.
That's almost always false unless the hardware is faster and thus more power hungry and hot than your CPU. That's rarely true. Some fpga accelerator? Maybe. GPU/TPU? Sure. Your hard drive? Not a chance that it would have even remotely competitive processor.

The point of hardware acceleration is usually that your CPU doesn't need to do a task so there's less CPU load and it can spend that time running applications or respond faster.