It seems to me that this is not really a re-authentication for the purpose of authorizing the protected action (vault exports, viewing master password protected items, etc.), but simply a side-effect of the current requirement to use the master password for all such authorizations — thus, the server is contacted only for the purpose of being able to validate the user-entered master password (in cases such as login with device or login with passkey, in which the client does not have access to master password hash).
So, if the authorization of protected actions is done using another way, then there would be no need to re-authenticate with the server, right?
And this is true of all protected actions, including, say rotating the account encryption key, or changing the KDF settings?