Most of these features are to do with privileged features in Google Play Store (Play Protect) and not Android itself. Means nothing to GrapheneOS:

https://security.googleblog.com/2024/05/io-2024-whats-new-in-android-security.html?m=1

The "live threat detection" is just trivial antimalware scanning based on heuristics for known malicious behaviours of installed apps, such as asking for accessibility services or device admins and other unnecessary permissions. Google calling it "AI powered" is at best disingenuous. People falling into scares for it would also be the same people falling for such corporatespeak.

The "unsafe connection detection" appears to be about the feature of detecting fake cellular base stations or when their cellular network connection is unencrypted. This is a good feature, but ideally you wouldn't want to be using the cell network at all.

The "side loading restrictions" are already a thing since Android 13. What this means is apps installed in certain ways (like directly from an APK) are considered unsafe installs and are automatically blocked from accessing certain dangerous permissions. Currently apps through modern app stores don't have this and if you downloaded it anyway you have to go through a semi-hidden dialog to activate their access.

A future Android update is adding enhancements to the feature to provide a whitelist of sources where only apps from said sources can have such permissions without the ability to allow any from outside. This is enforced by an XML file in the system partition and so GrapheneOS would just change or not use it.

App devs should never use such permissions unless they are absolutely necessary if they care about user freedom, because they are an attack surface risk and can be very dangerous. Accessibility services allow an app to make inputs on your behalf. This is also why Auditor detects when there is one in use and you can see it in audit results.

Discussion

🙏

Coming through with the juice as usual. Thanks!

Oh your zap address has a typo, also.

whoops. fixed

Made an edit to the post a little as I think a typo made it not make sense. I should clarify the enhancement for the restricted apps setting is to replace allowing restricted settings for ANY app store with only allowing a list of allowed app stores.

It doesn't block using an app with those permissions though, and you can still use the previous dialog to enable restricted settings at your own heavy risk. When an app store is trusted, apps installed on there just won't have the restricted setting blocker during first use.