Just to note: while CalyxOS does not support as many devices as Divest, Calyx supports bootloader re-locking on all their supported devices (there were several devices supported by DivestOS which didn’t have information on whether the bootloader could be re-locked or didn’t have bootloader re-locking).
EDIT: Replying to the whole post -
DivestOS also supports 8 Motorola devices, but no one complained about the bootloader unlocking requirements for these devices despite DivestOS being recommended for the longest time after CalyxOS was removed…but I’ll let that slide.
And while CalyxOS isn’t hardened like DivestOS, now that DOS is dead, Calyx and Graphene are the only two Android OSes that I know of that follow most of the basic best practices when it comes to Android security - bootloader re-locking, shipping user builds and not userdebug builds, shipping updates monthly and within 2-3 days of release etc. [Again they differ in areas like compatibility layers for Google Play Services. Even there, CalyxOS has restrictions on microG’s signature spoofing.]
As for concerns with microG’s compatibility with Play Services dependent apps, this has improved as well and it will keep growing. As I mentioned above your post, microG now supports Play Asset Delivery and In-app Billing.
There are only 2 viable options left now. I say it is better to list both of them, one for Pixels and the other for non-Pixels at the very least.