How do you see that playing out in the medium to long term? Google have made it very clear that they're done with the "open" side to Pixel, and they have comparatively unlimited resource to throw at the issue.
GrapheneOS team have published that they're working with a smartphone manufacturer that is working on releasing a phone that matches their security requirements.
Which is irrelevant because GOS does not by default implement Google playstore and play services that have that limitation.
If Google implements the same play services sideloading limitation in AOSP which is unlikely, it can be removed like anything else because it's open source.
You missed the primary issue OP mentioned, which is that ASOP is becoming a smaller and smaller part of the entire OS, and there's an ever-increasing amount of work needed to make it work on a real phone.
Still, GOS team have confirmed they are able to unlock bootloader, flash custom keys and relock it on the new Pixel 10, so?medium term seems to be safe.
They previously ported Android 16 within 2 weeks on all the supported devices despite obstacles.
That just means that the Pixel 10 meets their security requirements. Porting this time around will require a significant amount more work (if it's even possible), due to various changes in the way Google publishes updates to ASOP.
Honestly, I rate "open" less and less as time goes on. It's a fine principle, but there are other valuable principles (like minimal advertising and tracking, and quality of finish and performance).
I think that the ethics and ill-effects of Meta, Google and the like are significantly worse than locked software ecosystems. Once you've decided that, then you don't want a smartphone at all.
If I had to get a smartphone, I would get an Apple.
Given how many people go to all this hassle for "openness" in their mobile software ecosystem and then install Whatsapp/Gmail/Instagram etc - what is the point?