I disagree with “Just restart GrapheneOS”, especially after having read this post. I would feel safer in situation A where I have a cleanly slated device and I deny giving US CBP access …
as opposed to situation B where I have an extremely personal device (since that’s ultimately what phones are nowadays) and I deny giving them access.
In the post, the security researcher was pressured into giving security access, which I guess someone can argue and say that you simply should not pop under that pressure. Thing is, you will never know what you might do in that situation. In the security researcher’s position, he popped.
Some people have the balls to stick to their rights, some people don’t, and you don’t really know which camp you’re in until you’re in that situation. So when people eventually encounter it, would they rather be in situation A or B? I say A is a better choice.
Sadly, not everyone can afford privacy protections like buying an entirely new phone. 
So that’s an issue… The security researcher also mentioned that they said “you can write down your password and we can do this the easy way or we can do it the long and hard way.” And I assume that the “long and hard way” might involve lawyers of some sort (which also requires money, unless there is a pro bono lawyer given) and a lot of time on your hands, which again not everyone can afford/have access to. 