+1 for what @GorujoCY said, you’re probably better off avoiding web apps and using the Android app instead. Aside from that I’d say you might be overthinking it. The steps you’re suggesting are unlikely to be of much help. Simply using GrapheneOS and a recommended method of obtaining apps will go a long way. The Play Store, Accrescent, Obtanium, and Aurora Store all have their own pros and cons, but try not to overthink it. The apps you need aren’t on Accrescent so to keep it simple I’d suggest Obtanium, which is probably the easiest and most secure method of installing APKs.
If you think you’re likely to be targeted, I’d focus more on other aspects of your phone’s privacy and security. For example, can you go without using a SIM/eSIM and basically use it like an iPod? If not, it’s best that you use a brand new Pixel on a pre-paid plan, all paid anonymously in cash. Never give out the number tied to that phone and stick to VOIP numbers if needed. If you’re trying to sign up for services which require a “real” number you can get a dumbphone dedicated for that purpose or there are some pricey “real” numbers you could pay for online. I think Michael Bazzel goes more in-depth on this in his mobile security guide, but that may have been deprecated recently.