The request for a phone number is precisely a 2FA mechanism, and that's how it's being used. I don't understand what the bad faith you're assuming on Google's part is. What do they want that phone number for otherwise?
If they're asking for a phone number after they've already decided you're not trusted enough with just your password, that is not 2FA.
If you're not trusted, then any phone number you give shouldn't be trusted, either.
If you're trusted enough to be let in when you give a phone number, then you should be trusted enough to be let in without it, and then asked for a phone number, if one is really needed for 2FA.
I assume this restriction is against automation. As a complete guess on the heuristics: If the phone number you gave them is a "virtual" one, you are out. If it was used too frequently for recovery, you are out. If they are already familiar with it as belonging to someone else who is unlikely to also own the current account, you are out.
With those heuristics you need to provide a "fresh" phone number that likely belongs to a real person and costs real money to purchase and you are unlikely to want to "burn" for just 5 out of 5,000,000 of your automated attempts.
If you're not trusted, then any phone number you give shouldn't be trusted, either.
If you're trusted enough to be let in when you give a phone number, then you should be trusted enough to be let in without it, and then asked for a phone number, if one is really needed for 2FA.