The disconnect I have with your argument is every mobile OS that is not GrapheneOS (with the exception of maybe the still very experimental linux OSs out there) is a significant step down from a privacy perspective. You’re framing this like the only advantage of GrapheneOS is security, but that is simply not true. GrapheneOS is the only android based mobile OS that has actually done its due diligence to disable or replace essentially all connections to Google. There is no getting around that.
There is much more room on the desktop side of things for many different recommendations for different threat models because it’s incredibly rare for linux operating systems to spy on you. You’re not giving up anything major from a privacy perspective by using fedora workstation instead of secureblue for example. You only lose security. If you switch from GrapheneOS to LineageOS or IodeOS or whatever, you lose a lot of both privacy and security, regardless of your threat model.