by Aissen 1611 days ago
It's not hyperbolic, your security profile and risk aversion are just different from the author's.

> forcing me

That's a bit hyperbolic. Your point stands, otherwise.

It's not hyperbolic. I wrote the policy for my company's phone policy. If an employee wants to access any company resources from their personal phone (optional) they must submit to a phone audit. The audit is a checklist of security best practices including verifying that the phone is receiving security updates for the OS. So if they need a phone for work, they either upgrade to a newer phone or carry a second phone with security updates for work purposes. Either way they have to get a new phone. What else would a company do? You can't just have employees storing credentials for company accounts on a device that is likely to get pwned.

Personally I don't see how anyone could justify having an out-of-date phone. Assuming you have it configured to read your email, it becomes a gateway to every account you own, which can have its password reset over email. MFA might help as long as that MFA isn't an app on your phone. But most websites don't support hardware security keys. If you care enough to have a dedicated TOTP device, then why would you want a phone with no security updates?

This use of "forcing" does not require bricking the phone. Creating a situation where the only reasonable choice is to upgrade the hardware qualifies as "forcing" in my opinion. The phone is no longer capable of performing the job for which it was designed in a safe way.

Google isn't holding a gun to anyone's head or intentionally bricking devices, but if you use your phone for work (or it's a work-issued phone) and your employer requires you update to the latest security patches (enforced via MDM), the Pixel 3 is now useless.

And you're probably thinking "oh but this is an old device, just get a newer one for work." True, but consider that Pixel 6/6 Pro users got screwed over when the December update was yanked [0] and the January update got delayed for them [1] - while it was good for most users not to take the buggy update, anyone whose device had those security requirements ended up getting work-related functionality disabled.

Of course, the companies that set these policies are generally ones who will not make exceptions, so even though you had the latest and greatest from Google, you couldn't use it for work for several weeks until they finally pushed out the January security update.

"People who have MDM-enforced security requirements" might not be a large part of the smartphone market these days, but every little bit counts when it comes to reducing the volume of e-waste that usually ends up being dumped in third-world countries.

[0] https://www.reddit.com/r/GooglePixel/comments/rxiv5r/enterpr...

[1] https://support.google.com/pixelphone/thread/143968432/googl...