The answer that you don't really want is that keyloggers can be very stealthily incorporated into pretty much anything:
Keyboard with integrated keylogger:
https://www.paraben-sticks.com/keyboard-keylogger.html
Less savoury keylogger found in retail keyboard, sending keystrokes back:
https://thehackernews.com/2017/11/mantistek-keyboard-keylogger.html
Wifi keylogger in a USB extension cord:
https://www.amazon.co.uk/AirDrive-Forensic-Keylogger-Cable-Pro/dp/B07DCCBBHT
QMK the firmware used on many handmade keyboards is fully programmable. Many keyboards use quite sophisticated CPUs (QMK supports e.g. Atmel AVR and ARM processors) . Adding an sdcard to a mainboard is quite easy.
All of this is fairly irrelevant, because you're approaching the issue from the wrong direction:
since I am not planning on wiring a keylogger into my own keyboard I
feel as though I should be safe
This is assuming that the threat model that IT Security are working with are you being an unassuming victim to something like the second link. The more probable route is assuming that you are a potentially malicious insider, and aiming to use a stealthed keylogger, coupled with standard business practices ("Hey, {Admin}, I need this totally legitimate software, can you just enter your credentials to install it?").
While the first option is something to protect from, the second may also be considered. Luckily for the IT Security team, the solution is simple, known and approved keyboards are the only ones to be used.
Unfortunately, this isn't good for your prospects on this.