See. I understood the task this way: to protect the management of services, access to which is restored using proof of ownership of a mobile phone. If this is the case, then we draw a diagram from the reverse:
To capture, we need a SIM. To do this, at least you need to know the number of the desired phone. Who will know him? The administrator of the service and the provider's employees will know it, because they see a list of contracts on you. I don’t see the point in defending myself from the service administrator - if they don’t work honestly, authorization using the phone will not save - they will ignore it. The provider remains.
It is enough to draw up a contract for someone you trust - a relative, for example - and you solve the problem. The SIM card will not be intercepted, because they simply will not know which one is needed, and again you can always restore it. And of course, this number should not appear in public in any way and be used for communication, at least somehow connected with you or the project.
There was also a question, one number or several. See what we risk? If one of the services is compromised, attackers may become aware of the number, intercepting which they will gain access to other services. Yes, there is a risk in this, but it will be reduced not just by a few numbers, but by several numbers for different people with the obligatory observance of the rules on not being associated with the project.
P.S. SyavaSyavaright in many ways (except for the manner of communication). Illegal recovery of a SIM card is a given. If we are talking about the Russian Federation, then right off the bat , and in general, google it - you will be upset. Banks (at least large ones) protected themselves from this - before sending the password to SMS, they request IMSI, if it has changed (and when issuing a duplicate, it has changed with 95% probability), then they block the number until authorization in another way.
But these are banks (and even then, not all), we are not talking about online services.

4. All registrations should be carried out on one number, issued officially;
Easier, cheaper + if you can quickly restore access. Why the other options are not entirely clear

If I understood correctly (from the discussion) the goals of the questioner, that is, a good scheme, the card / s are issued to a legal entity ...