Thanks for the feedback! I will update the notes (I cannot check / verify the static password packages on my side)
Interesting, I recreated the templateVM and tested the KeePassXC appVM with Challenger Response. My tests confirm the need of policykit-1 but no need for libblockdev-crypto2. Could you please double check on your installation?
Btw, do you have split-ssh with KeePassXC? If yes, I would appreciate some support to get this issue SSH client with KeePassXC based on a minimal Debian template fixed.