Then Apple users are even sillier than I thought. They should be asked to REMOVE the passcode before any work takes place, or as soon as the device appears functional again (e.g. screen repair). Even if that means by some Apple debugging technique that requires a special cert only issued to Apple repair shops AND the user passcode entered over a USB cable.
However, if you're expecting your data to ever be recovered, from any company, you are going to need to give that company some kind of access to it. At that point, you need to be able to trust them. And I would trust Apple store staff about as much as the local PC World.
Unless someone invents a way to encrypt user files and applications completely separately so that you can just transfer "user_files.encrypted" off the broken machine and onto a new machine and then get the user to put in their code on the new device at their convenience, then there's no other solution.
I must say a thousand times a day that I don't KNOW people's passwords. I just have access to their files or devices. I can't log in as any user, except by resetting their password which is auditable, noticeable, affects THEIR use of the machines AND I can't put it back how it was before I changed the password. I can impersonate their user account from mine (auditable), and I can access the storage medium they have stored their files on. But I can't "be" their user or see their password. Even on iPads. I can't remove the passcode or find out what it is, but I can bypass it by supervising their machine beforehand.
But if you want to repair a random device, that involves either resetting passwords (potentially wiping out encrypted files, e.g. BitLocker), or the user's passwords. NTPASSWD, for instance, wipes out BitLocker encrypted files for that user when you use it. Any other way in requires a password or hacking equivalent to giving out your password and data.
The solution is to stop building machines that throw user files over several folders, all over internal and external storage, mix them all together for every user (e.g. Program Files, ProgramData, etc.), with no easy way to transfer that configuration to another machine without interfering with passwords, being able to read or wipe out encrypted data and its keys, and that works from any version/machine to any similar version/machine.
But we're still building systems where user files on a single-user laptop are stored in C:\Users, C:\ProgramData, C:\Program Files, C:\Program Files (x86), etc. but you can't transfer most of that to another random machine without causing immense amounts of reinstalling, reconfiguring, flat-out crashes and non-working parts, etc.
It's not even true on Linux any more. /etc/ is almost completely non-transferable and picking apart the bits that aren't is a nightmare. /home is a good start for individual users, however. But then you get into /usr/, /usr/local/, etc. and it all falls apart again.
We seriously need to move to a system where every program is entirely self-contained and portable, and every user home self-contained and portable, and the combination of both on any machine makes them "just work". Our "bodge" of the moment is VMs, which just carry all the above in one file and then have multiple of them running on some system with the exact same problem.