The idea would be, use buffers/drivers as sacrificial, so something more important doesn't get zapped. Maybe you're working with a vintage part, or a large logic card you don't want to fry, etc., and exposing a commodity part to errant fingers is safer than risking those.
STM32F1 is hardly precious, and could well be used by itself; it might not last long (years?) that way, or suffer from latchup and need to be re-plugged after struck, but I mean, you're writing the source code and can replace and reprogram it at any time. Probably not a worthwhile compromise here, but sometimes it is, and it's worth knowing the potential consequences.
Some basic clamp diodes (with integrated TVS as these have, or plain diodes and a nearby bypass cap) and series resistor will most likely extend that to decades of stable use. (Do mind to filter and debounce the readings, don't want a random noise blip to register errant keystrokes.)
On a related note, I once zapped a bare FPGA doing keypad duty (similar sort of application, but configurable-hardware based) at full strength for dozens of hits, and it didn't even latch up (or, if it did, the circuit rebounded immediately?). It was only rated 1kV ESD I think, or maybe even less? That's the kind of magnitude you start to wonder about, but also it's the kind of thing that can induce latent damage -- partially vaporized traces, unstable junctions; atomic diffusion over time, and migration under electric field or current flow, can cause spooky behavior, after which maybe the chip doesn't work at all, maybe it's (apparently) healed by soldering temperature, maybe it's discarded as broken then sat on a shelf for ten years then eventually someone picks it up and checks it and it's good as new; you never know.
That should be enough. There are all kinds of ways to do it. Another way I have seen ESD protection implemented is to use discrete transistors as buffers because they are much tougher than IC inputs and outputs.
I would *not* rely on the ESD protection of an IC unless that is an explicit function of the IC, like for an external interface IC. Almost all ESD protection for ICs is about protection during assembly.
Not much reason to use transistors here of course, but if it were something like an LED matrix, the current boost for column drivers is a welcome addition, and maybe GPIOs could sink the rows as-is (via current limiting resistor).
Incidentally, transistor arrays/packs are expensive; don't use them. Quads anyway. Duals are cheap and plentiful though. Or more specialized ones, like the ULN series drivers, assuming you need such functionality.
Default ESD ratings are specified in JESD-something (a coincidence, they're a family of EIA/JEDEC standards), 1kV HBM I think, which is acceptable for assembly work on an ESD-protected bench. With simple ESD controls in place, maximum discharge usually tops out in the 300V range, IIRC.
What's scary is I've seen many devices that just don't specify ESD at all; some manufacturers do specify it elsewhere (quality documents), but many don't even do that. Am I to assume they've followed the (proprietary, non-publicly-available) industry standard, without even having made reference to it? One vendor I actually called up, they had to reach the design engineer to affirm yes, they did. In general, who knows.
Tim