The instance that describes legal hacking is:
Penetration testing for a company.
Penetration testing is a legal and authorized process where security professionals test a company's systems to identify vulnerabilities, typically under a contract or agreement.
Grey hat hacking could also describe instances of legal hacking, as grey hat hackers may exploit vulnerabilities without permission but often do so with good intentions (e.g., to disclose flaws to the organization), which may or may not be considered legal, depending on the circumstances and local laws.
In contrast, looking for security risks on a product excluded from a bug bounty program would generally be considered unauthorized testing unless you have explicit permission from the company, and stating "Security hacking is never legal" is incorrect, as many forms of hacking (like ethical hacking and penetration testing) are legal when conducted with permission.