My goal is to ensure that loss of control of a key should only put one local/remote pair at risk. That makes my answer roughly: "One per local account per remote account group."
I'm a little more flexible when "remote" is also on my LAN or if the remote machines are part of a scaling cluster with identical users.
Each user that uses an ssh client on my machines at home has a single key used to reach corresponding users on my other local machines. If there's a service running behind sshd, that will usually get its own (per local user) keys.
For leased remote machines, I have one key per local user to reach each remote account. My leased machines usually have at least two accounts: one admin account with sudo rights and one app-manager account with limited perms and no sudo. For groups of identical machines/VMs the authorized_keys are usually identical for convenience.
I plan to switch to certificate auth wherever possible once I finish rebuilding my home Certificate Authority.
So come take a drink and drown your sorrows, and all of our fears will be gone 'til tomorrow. We'll have no regrets and live for the day, in Nancy's Harbour Cafe