Ah, you're right, I missed something. None of my comments explain my testing method. I apologize; this was present in an earlier draft of the initial post and got lost along the way. The question asked was only "Which VPNs did you test?", not "What was your methodology", and I didn't catch the absence of the latter until you asked that in reply.
In summary, for each VPN app, I connected to the VPN and then wiretapped my computer to see if it originated unencrypted network traffic to any Internet destination other than the VPN while operating a variety of core macOS services on the exclusion list, such as Software Update and App Store.
In each case, I was able to witness Apple traffic on the VPN network interface but not on the Ethernet interface below it.
For anyone testing Mullvad, please keep in mind that they make use of the macOS packet firewall layer in addition to the usual VPN network interface, which may complicate my testing procedure if followed stringently as there might not be Apple traffic on any interface, VPN or not, in that scenario. Mullvad context is in another post: https://news.ycombinator.com/item?id=25116863
APPENDIX: Note that, as far as I can determine, existing TCP connections were not reset onto the VPN when it was connected. Since I was inspecting all traffic, not just Apple traffic, I ended up having to restart Slack a couple of times just to get it to switch over to the VPNs. I would imagine this should be studied more closely, since it was a surprise to me.
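One way to automate the check described in the comment above, as an added example that is not part of the original post: it labels flow records summarised from a capture by interface, destination and start time, so that both bypass traffic and the pre-existing connections mentioned in the appendix stand out. The interface names, addresses, ports and timestamps are constructed assumptions, and it checks destinations only, not whether payloads are encrypted.

```python
import ipaddress
from collections import namedtuple

# One record per flow, as summarised from a packet capture (all values constructed).
Flow = namedtuple("Flow", "iface first_seen last_seen dst dport")

PHYSICAL_IF = "en0"                                  # assumed Ethernet interface
VPN_SERVER = ipaddress.ip_address("203.0.113.10")    # assumed VPN endpoint
VPN_UP_AT = 100.0                                    # assumed time the tunnel came up
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("192.168.0.0/16", "169.254.0.0/16", "224.0.0.0/4")]

def classify(flow):
    """Label one flow according to where it travelled and when it started."""
    dst = ipaddress.ip_address(flow.dst)
    if flow.iface != PHYSICAL_IF:
        return "tunnelled"          # seen on the VPN interface
    if dst == VPN_SERVER:
        return "vpn-transport"      # the encrypted tunnel itself
    if any(dst in net for net in LOCAL_NETS):
        return "local"              # LAN, link-local, multicast
    if flow.last_seen < VPN_UP_AT:
        return "before-vpn"         # finished before the tunnel existed
    if flow.first_seen < VPN_UP_AT:
        return "pre-existing"       # opened earlier, still alive outside the tunnel
    return "leak"                   # opened after connect, bypassing the tunnel

def audit(flows):
    """Group flow records by label so leaks and stragglers stand out."""
    result = {}
    for f in flows:
        result.setdefault(classify(f), []).append(f)
    return result

SAMPLE = [  # constructed records; 198.51.100.x stands in for Internet services
    Flow("en0",   100.0, 400.0, "203.0.113.10", 51820),
    Flow("utun2", 120.0, 130.0, "198.51.100.7", 443),
    Flow("en0",    20.0, 350.0, "198.51.100.50", 443),
    Flow("en0",   150.0, 151.0, "224.0.0.251", 5353),
    Flow("en0",     5.0,  50.0, "198.51.100.9", 443),
    Flow("en0",   200.0, 201.0, "198.51.100.7", 443),
]

if __name__ == "__main__":
    for label, flows in audit(SAMPLE).items():
        print(label, [(f.dst, f.dport) for f in flows])
```

A clean result has nothing under "leak"; entries under "pre-existing" are connections that were opened before the tunnel came up and never moved onto it.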