That's due to regulation, combined with hardware manufacturers correctly choosing to load the firmware by the driver/host, instead of some on-board permanent storage. Note that there are reasonably performance 802.11n cards with non-reverse-engineered open source firmware. They iirc use the ath9k driver, and are the result of the manufacturer opening them up to both Linux and BSD kernel license compatible status. They are great for hacking and there are some with 5GHz support. You have to keep in mind that hacking the firmware might violate the RF spectrum laws, which is relevant as much as GDPR compliance: if they can excert legal pressure on you, and do more than send angry letters and call you in the middle of the night, you have to consider if those jurisdiction's laws forbid your doings.

TLDR: they exist, they are not expensive, they can't do 802.11ac or 802.11ad, hacking the kernel-license compatible source might violate FCC or similar regulations and could well be punished harsh in case someone complains about what you do and you'r behavior is provably non-spec-conformant.

Be careful, and choose your hardware wisely to not use binary blobs. Also I assume you use an old CPU, if you wanna go the linux-libre route. I have a system where I'm not sure yet which OS it will get, but I already (with help, and soldering) removed the Intel ME from the firmware, and might even physically remove the processor that would have executed this, or do this soft and just cut it from power or something.