Good post. Your mention of the database incident and your comment of “this wasn’t the junior developer’s fault since no proper company uses its production keys for the on-boarding process and documentation” is spot on. In fact, most of the items you list in this post should be handled at the organization level rather than at the developer level… at least, in all but the smallest and scrappiest of startups.

For example, pre-commit hooks should detect and prevent the committing of private keys to source control. And of course, the organization should have an automated pipeline that runs tests, quality checks, security checks, etc.

In other words, no organization should let its junior engineers make any of these mistakes. This is still a great checklist, and any junior engineer who finds themselves in an organization that doesn’t already handle any of these items should raise it as an issue (and perhaps volunteer to solve the issue themselves).
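A sketch of the kind of pre-commit check the comment above refers to, added here as an example and not part of the original comment: it scans only the lines being added in the staged diff for PEM-style private key headers and blocks the commit if any are found. The file path and diff in `SAMPLE_DIFF` are constructed, and the header pattern is an assumption about what should count as a private key.

```python
#!/usr/bin/env python3
"""Git pre-commit hook: refuse commits whose staged changes add a private key."""
import re
import subprocess
import sys

# PEM-style headers: RSA/EC/DSA/OPENSSH, PKCS#8 (plain or ENCRYPTED), PGP blocks.
PRIVATE_KEY_RE = re.compile(r"-----BEGIN (?:[A-Z0-9]+ )*PRIVATE KEY(?: BLOCK)?-----")
HUNK_RE = re.compile(r"@@ -\d+(?:,\d+)? \+(\d+)")

# Constructed sample of `git diff --cached -U0` output (headers only, no key material).
SAMPLE_DIFF = """\
diff --git a/deploy/keys.txt b/deploy/keys.txt
--- a/deploy/keys.txt
+++ b/deploy/keys.txt
@@ -7,0 +8,2 @@
+-----BEGIN PUBLIC KEY-----
+-----BEGIN RSA PRIVATE KEY-----
"""

def find_private_keys(diff_text):
    """Return (path, new_line_number) for every added line with a private key header."""
    findings, path, lineno, in_hunk = [], None, 0, False
    for line in diff_text.splitlines():
        if line.startswith("diff --git "):
            in_hunk = False                      # file headers follow, not content
        elif not in_hunk and line.startswith("+++ "):
            path = line[4:].removeprefix("b/")
        elif (m := HUNK_RE.match(line)):
            lineno, in_hunk = int(m.group(1)), True
        elif in_hunk and line.startswith("+"):
            if PRIVATE_KEY_RE.search(line):
                findings.append((path, lineno))
            lineno += 1
        elif in_hunk and line.startswith(" "):
            lineno += 1                          # context line (absent with -U0)
    return findings

def main():
    diff = subprocess.run(
        ["git", "diff", "--cached", "--unified=0", "--no-color", "--diff-filter=ACMR"],
        capture_output=True, encoding="utf-8", errors="replace", check=True).stdout
    findings = find_private_keys(diff)
    for path, lineno in findings:
        print(f"{path}:{lineno}: private key header in staged change", file=sys.stderr)
    return 1 if findings else 0

if __name__ == "__main__":
    sys.exit(main())
```

Saved as an executable `.git/hooks/pre-commit`, a non-zero exit aborts the commit. Client-side hooks can be skipped with `git commit --no-verify`, so the same scan belongs in the organization's automated pipeline as well.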

