If the remote resource works via HTTPS, it does not matter at all how many compromised proxies are on the way from you to the node - HTTPS guarantees protection from MitM, provided that you do not do stupid things (do not install left-handed certificates and check the certificates of the sites you work with for validity All kinds of
bad things can happen with HTTP, but what sane resource in the 2020s is using HTTP?

It doesn't quite work that way. With symmetric encryption, yes, you must exchange keys through a trusted medium. With non-symmetric encryption, there is a public key and a private key, one of them encrypts the data, the other decrypts. For example, you publish the encryption key, anyone can encrypt the data, but only you can decrypt it back. If I give you an encryption key through open channels, then you can be sure that only the person who gave you this key can decrypt your message (while maintaining the secret of the private key).
A mitm attack can be implemented here, when the key is not passed to you by the final recipient, but by an intermediate one. For such cases, a trusted third party is introduced, the trust of which is established "preliminarily".

that is, the keys are visible to the provider during our initial interaction

No.
Google "asymmetric cryptography". It is just invented to establish a connection over a listening channel. At the moment, it is impossible to break https directly, which is why all sorts of tricks are used with the installation of state certificates :)
But with the torus, the example is unsuccessful - in itself, using the torus already marks you as a person worth following...