key generation – Why we are still required to move the mouse when generating the keys in VeraCrypt?

I think you need to look at the history of the codebase to understand why it’s there in the first place. VeraCrypt descended from TrueCrypt, which was built at a time when the CSPRNG in Windows used an unspecified method of generating data:

Because CryptGenRandom is the de facto standard CSPRNG in Win32 environments, its security is critical for Windows users.

The specifics of CryptGenRandom’s algorithm have not been officially published. As with any unpublished random number generation algorithm, it may be susceptible to theoretical weaknesses including the use of outdated algorithms, and a reliance for entropy gathering on several monotonically-increasing counters that might be estimated or controlled to an extent by an attacker with local access to the system.

As to whether it’s still necessary by today’s standards, well that is obviously a matter of taste. I managed to find a high-level statement about CSPRNG in .NET. I’ve been unable to uncover any sort of specification for the CSPRNG built into Windows, after about 10 minutes of searching through the Microsoft documentation.

Here’s a good discussion about CSPRNG for readers that have yet to consider this aspect of information security: Pornin 2010 https://stackoverflow.com/a/3532136