Physical device access is where this kind of security ends. If someone stealing your phone just to get your 2fa codes is a threat vector for you, you should be using different/additional factors.

In any event, as was pointed out, adb needs usb debugging turned on, which needs the device unlocked to be enabled.

You need to authorize each adb key on the phone, so a screen lock prevents this.

No, because you can (and should) disable usb connectivity/debugging.