There are so many diagnostic tests that require access to the device in its current state, like the iOS Diagnostics that analyse statistics and usage data accumulated over the course of using the phone. Or Console logs in macOS / OS X that record crash information, some of which is stored in the root of the system and some of which is stored within the user home folder. Some Apple diagnostics look at crash logs on the internal drive and require the FileVault encryption be disabled or the password provided to mount the volume in order to access them.
That's the problem: sometimes I wouldn't be able to diagnose a fault with a machine unless they logged the system in or provided the password. If they erase the device, it also erases the evidence of the fault itself. Sometimes a customer requests an in-place OS reinstall on a FileVaulted drive.
It's within the rights of the customer to decline to allow a technician access to the machine, particularly for reasons such as those that these Apple Store employees have demonstrated. Unfortunately, it also means sometimes I can't isolate the fault and the customer leaves with a machine unfixed.
However, if the fault is purely hardware and not an intermittent fault that would require access to system diagnostic logs, then sure, we can boot the machine from another drive and test that way.
That's actually preferable, because I don't want to know what's on a customer's machine. But sometimes the requested work requires that additional level of access to complete.