Unfortunately there does not seem to be an obvious candidate.
I lean towards Passbolt because its primary problem is with onboarding new users, which is a one time issue that is not a blocker when this does not happen too frequently. The secondary problem is not having a mobile application which means copying user and passwords manually from the browser which is inconvenient if that happens too frequently.
The other candidate would be Bitwarden because it has all the desired features and mobile apps. But a self-hosted setup relies on a third party server which makes it vulnerable to all protocol changes. Should clients be released with a new, incompatible, protocol, the third party server may cease to work overnight. As soon as the users upgrade it will break. And it may be weeks if not months before the third party server can catch up. Although this did not happen yet, it could happen next week for all we know. I would not mind taking the risk for myself. But I would not advise an organization to do the same. Data would not be lost but users will have to migrate to another solution and that’s never a pleasant experience. And it can happen two month after the service is installed