I'm drawing a blank; why would it be easier to rotate wg keys than ssh keys? They're both asymmetric keys that fit in one line of text, which should be generated on the client and then have the public key uploaded to the server(s), and which can be dynamically loaded at runtime. If anything, I'd think ssh was marginally easier because it supports CAs out of the box and you can just have your auth system dynamically signing the user's certificate.
