Well, for that application simply having a small ( easy these days) microcontroller, with a built in SPI interface, that you plug into a normally sealed socket, which then gives you power and a JTAG interface which then loads the new firmware onto the chip. 3 leds on the plug in card, power, busy and then a bicolour led for pass/fail result of programming, so you know to unplug and try again, or that the device is failed and needs replacement. You can then have some security as the target can have protect bits set which are erased with the bulk erase command, then write the new firmware, read back to verify checksum then set lock bits on it afterwards so you can only run the code on the device.
Small low cost micro ( possibly even a LCD display, but 3 lights is easier to use) with some EEprom for storing number of attempts, versions before and after and probably the built in serial numbers ( stored on the built in EEprom of the target so it is not erased with the flash) of the updated devices, so you can get a report of the updates you have done after completion.
Bespoke for sure, but can be fitted into a small package, perhaps with a built in power bank to power up the target if needed to program it with main power off.