I reported the issue upstream yesterday: https://github.com/systemd/systemd/issues/40951#issuecomment-3999875630
I spent a bunch of time checking through system logs and digging out any bits that could possibly be helpful and added this to the upstream report. Today they closed it suggesting that it's a downstream Debian issue; something to do with apparmor blocking access for some reason, and the problem being "between debian, sups and apparmor".
