That's because they're the only ones that meet the project's requirements at the moment, but that may soon change soon. Maybe you've seen the news that the project is in talks with an OEM for them to meet the requirements and have official support for GrapheneOS for some of the existing devices.
This could prevent my next phone from being a Pixel.
But it doesn't make sense for them to do that. They can't just sell devices promoting them as "unlocked" then brick people's phones or locking them out so they can't access their data down the road.
Now, I agree that the long term future of GrapheneOS, if it has one, probably isn’t Google hardware.
Maybe, maybe not. 10th generation Pixels can be supported, so it'll be a while still. But GrapheneOS is in talks with an OEM and it's looking likely that they'll have official support for GrapheneOS for their devices soon enough.
Well I suppose they could? But then how would that end for them? They sold devices with unlocked bootloaders. Changing that might get them in legal trouble. I'd think if a device is sold unlocked, it'll remain unlocked.
Well, the fact is it is impossible to target someone with a modified update. The update client sends no IDs to the server, it just fetches static files and determines whether it needs to update or not. The server only has static files.
That would be very obvious in the code. And how would devices be targeted if GrapheneOS project members don't know the unique IDs because they're not sent in the first place? There are also community members who build GrapheneOS on their own and check if the builds match because GrapheneOS builds are reproducible. It just isn't possible. But even if people don't believe all of that, they can still disable the updater app and sideload updates manually. Instructions are on the website.