No 3rd party is responsible for anyhting. You as an app developer are responsible for the code you are shipping. That is why you also have to add the privacy manifest yourself if it's not provided by a 3rd party.

Here on Reddit is something shared by an "associate professor of law" who works "with the DSA and EU tech law in general" specifically for the confusion of several iOS indie devs. https://www.reddit.com/r/iOSProgramming/comments/1bklvcx/important_please_read_this_legal_info_if_worried/ He also did put together a small "quick guide" linked there. But again: This is no legal advice at all neither by me or him as he mentioned there. Developing my own apps is definitely not my main income but I do make a few dollars with IAP. It's a hobby right now besides my full-time job but I also would put more work into it when I see a good reason for it. So personally, I would identify myself more as a trader than a non-trader from all I have read so far. And I also got a Postbox just for this purpose. If it's not accepted I will probably leave EU market (although I am an EU citizen).

In case it helps anyone: In my currently used Xcode version (15.2) I could tap on any ssh errors inside of the build log. This opens a modal for me where I can select any other key.