Currently for 2FA, a mobile number is required as backup for 2FA Apple ID codes. There is no way to avoid this at the moment.
Hopefully, Apple has been aware of the ever-increasing profiles of Sim Swapping Attacks and Numbering Social Security Attacks on Personal Phone Numbers.
Current reduction people are currently using include: setting up their own phone number that you never reveal and using specifically for Apple ID 2FA, another option is to use a Google Voice number because it cannot be sent or swapped.
FYI: Facebook, Google, Microsoft, Amazon all support 2FA account security with App-based authenticators or hardware keys without a phone number requirement.