Interesting. Many red flags about CalyxOS that I didn't know.

This is especially concerning:

"Privileged eSIM Activation Application

(...)

On GrapheneOS, the app comes disabled and you can optionally enable it after installing Sandboxed Google Play.

On CalyxOS, the app comes installed by default (regardless of whether you choose to have microG or not) and you cannot opt-out. This means that Google still has access to your hardware identifiers regardless of whether or not you need eSIM activation and they can be accessed persistently"

Thanks for educating me.