To prevent Bitcoin loss, would a merchant need to keep every address (and associated private key) forever?

Yes.

Doesn't that become burdensome?

Not really. First of all, private keys and addresses are fairly small, so they don't take up that much space. Putting them into a database can make access very quick and easy so that's not much of a problem. Furthermore, merchants already have to keep the private keys around in order to spend the coins from those addresses later. It is uneconomical for them to immediately forward the funds to some other storage address as they will incur transaction fees for doing so.

It depends on what "burdensome" means to you. On which level?

Storage consumption? That should not be an issue since a private key's weight is very low.

Backup? If you are keeping your keys on a wallet you can backup them all together, one ore thousands means few difference.

Furthermore you have to consider that you can generate the private keys starting from a seed. So you could make an unlimited amount of addresses having a single seed to keep.

With this technique if your costumers make a mistake and send you what they owes you on an alredy used address of your own you can easily recover the sent amount by cycling throug your addresses by generating them again.