In fact, many times, I've gone to a site for what I thought was the first time, and was surprised to see I had an account already. If I had done a purge, I probably would have deleted a bunch of sites like this. My account would still be there, but inaccessible.
I also use a unique email for every site (via a catch-all subdomain), and in the past couple years, also started making random usernames for any sites where I don't care about the username (eg, no social component). This helps protect me from compromised sites, because I can block the email address if I get spammed by it. I think I've only done that once in the past 15+ years, though spam filters also really make this a non issue for me the days.
That /well-known/ idea is great. There should be a /well-known/permanently-delete, so that my password manager can scrub my old accounts with one click.
I agree with you though, that a well-known url for delete would be good. However, there's likely to be a high correlation between sites that get breached and sites that don't follow best practices, including implementing optional URLs like that.
In general, it's also easy to see why a lot of (non technical) site/product owners wouldn't want to implement that: "why do I care about making things easier for people that want to terminate doing business with me?" Until a majority of users are using a browser/plugin that warns about this ("non trustworthy site: this site does not implement well-known password change or delete account interfaces") I suspect there won't be much adoption, unfortunately. This proved to work well to get SSL widely deployed, so the question is if there can be enough momentum to do it again for these functions.
Starting late last year I went through my accounts and started either deleting the ones I have no intention of using in the future or, if deletion is not an option, sanitizing them. It doesn't take that long to sanitize 10 accounts, and takes even less time to identify whether a website is still online. I've probably sanitized or deleted around 100 accounts now, starting with the ones I guessed would have the most data on me.
I've also been pleasantly surprised by how helpful most webmasters have been with removing or sanitizing PII if they won't let you delete an account.
One notable exception: Airbnb. They claim online that they will delete your account if asked but refuse if you do ask. I had no intention of using Airbnb in the future, but now I'll actively discourage others from using Airbnb.
Smaller sites generally have people on hand and are still human enough that they will at least try to accomodate you manually if needs be. And if they're being annoying with you, and you are pretty explicit about the nature of your request, specific about your rights under GDPR, etc they'll either get scared enough to do it, or figure you're not worth the trouble and do it so you stop complaining.
Really the most annoying services I've dealt with GDPR-wise are in fact large corps with EU presence (sometimes EU-only!), that just don't have enough human elements in their chain to talk to you like a person. And this is something where it's very comforting to know you do wield a lot of legal power to rectify these issues.
I've only discovered (ironically) the .well-known scoped routes with LetsEncrypt, and more recently with Keybase's validation  and security.txt , is there a global registry that lists initiatives that make use of this route ?
 https://www.troyhunt.com/everything-you-ever-wanted-to-know/ (warning, some NSFW content)
One of my pet peeves is a site that lacks a 'Delete Account' option.
I really like this "well known" "change password" scheme... Hopefully that gains traction!
I have yet to prove that I am European when submitting requests for data and removal.
It's a bit different for the companies that operate using a SSN of course.
LastPass's UI has much to be desired and is quite buggy.
Dashlane has a nice UI but I find it much too slow and there were times that their extension would just freeze my machine (tried multiple devices). Also was quite buggy too. Not the cheapest either.
Bitwarden seems pretty solid though, it's cheap for the premium service. Has a nice UI too. Their iPhone/Android apps are decent also.
Most accounts I use a few times a year I don't care for the overhead of remembering of dealing with a password manager to save me a few minutes every year.
Yeah, it costs a bit and requires some understanding, but at least among the HN crowd that's not an unsolvable problem.
Lot's of people seem to be concerned over the "single point of failure" that provides, but honestly for most of these accounts if I lost access to them, then I'll just make another. Heck my username is admax88q because I forgot/lost the password to admax88.
I really don't care if worst case I have to make new accounts for Newegg/Aliexpress/Amazon/Medium/reddit/HN/twitch/dailymotion/(insert random startup app I'll probably only try once)
I do agree that it's inconvenient to have to switch to another tab/window whenever you want to log in though, this is a problem solved with password manager browser extensions.
The problem is that every implementation is 99% the same and 1% WTF, so the concept never caught on. So now we have FB and TWTR and GOOG and no other options.
There are also tools like https://indielogin.com that make it easier to add support for that to your own site.
This setup is free and more secure than a cloud-hosted service. It also never goes 'down'.
I honestly think it's irresponsible to not use one these days...
Just another person looking for something to complain about.