So just to clear up my understanding: using LineageOS up-to-date means you should be safe from kernel and Android bugs, but you're still vulnerable to firmware issues, which would just be... hardware level, like your WiFi chip, CPU, USB-C port, camera, microphone, etc?
Potentially. Google also stills updates AOSP too, so you're not 100% reliant on LineageOS et al for these updates.
There's nothing stopping you from grabbing those blobs out of Google's AOSP images and updating them, but there's no way to ensure the abstraction layers work correctly with them unless you test it.