GrapheneOS: GrapheneOS provides substantial defenses against exploitation along with attack surface reduction features such as the USB peripheral control feature you mentioned.
The USB blocking feature on GrapheneOS is similar to "USB Guard" which is for Linux, and blocks connections from unknown USB devices. There's also something called "USB Kill", which is similar to USB Guard, except that instead of simply blocking the USB connection, it acts as a kill-switch and instantly shuts off the computer.
Would you be willing to consider implementing a "USB Kill-Switch" feature? A phone in an AFU state could detect an unauthorized USB device, and immediately return itself to a BFU state, making any attack not only useless, but counterproductive.
The attacker presumably wouldn't know about the kill switch in advance, so not knowing to avoid the USB port, the attacker's very own tools could, ironically, be used as a tool for securing the device.
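The two behaviours contrasted in the post (USBGuard-style blocking of unknown devices versus a kill-switch that drops the device back to a locked state) reduce to one policy decision with a different action on the "unknown" branch. The following is an added example written for this thread, not GrapheneOS, USBGuard or usbkill code: the `UsbDevice`/`AllowRule`/`UsbPolicy` names, the sample allow-list and the device records are constructed, and the kill action is a callback so the logic runs offline. The extra check that rejects a device combining mass-storage and HID interfaces is a common hardening heuristic and goes slightly beyond what the post describes.

```python
"""Whitelist-style USB policy with a 'block' mode and a 'kill' mode.

Added example, not GrapheneOS or USBGuard code. Device records and the
allow-list are constructed sample values; the kill action is a callback so
the policy can be exercised without touching real hardware.
"""
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple

HID_CLASS = "03"           # USB interface class: keyboards, mice
MASS_STORAGE_CLASS = "08"  # USB interface class: sticks, disks


@dataclass(frozen=True)
class UsbDevice:
    vendor_id: str               # 4 hex digits, e.g. "046d" (constructed)
    product_id: str              # 4 hex digits
    serial: str                  # may be empty on cheap devices
    interfaces: Tuple[str, ...]  # "class:subclass:protocol" strings

    def has_class(self, cls: str) -> bool:
        return any(i.split(":")[0] == cls for i in self.interfaces)


@dataclass(frozen=True)
class AllowRule:
    vendor_id: str
    product_id: str
    serial: Optional[str] = None  # None = any serial (weaker match)

    def matches(self, dev: UsbDevice) -> bool:
        if (dev.vendor_id, dev.product_id) != (self.vendor_id, self.product_id):
            return False
        return self.serial is None or self.serial == dev.serial


class UsbPolicy:
    """mode='block' silently refuses unknown devices (USBGuard style);
    mode='kill' additionally fires on_unknown, e.g. to lock/reboot (usbkill style)."""

    def __init__(self, rules: List[AllowRule], mode: str,
                 on_unknown: Callable[[UsbDevice], None]):
        if mode not in ("block", "kill"):
            raise ValueError("mode must be 'block' or 'kill'")
        self.rules = rules
        self.mode = mode
        self.on_unknown = on_unknown

    def decide(self, dev: UsbDevice) -> str:
        # A device exposing both storage and HID looks like a keystroke
        # injector; reject it even if its vendor:product is allow-listed.
        if dev.has_class(MASS_STORAGE_CLASS) and dev.has_class(HID_CLASS):
            return "reject"
        if any(r.matches(dev) for r in self.rules):
            return "allow"
        if self.mode == "block":
            return "block"
        self.on_unknown(dev)  # kill-switch: return the device to a locked state
        return "kill"


# Constructed allow-list: one keyboard matched by serial, one hub by model only.
ALLOW_LIST = [
    AllowRule("046d", "c31c", serial="KB-0001"),
    AllowRule("1d6b", "0002"),
]

# Constructed sample devices.
KNOWN_KEYBOARD = UsbDevice("046d", "c31c", "KB-0001", ("03:01:01",))
UNKNOWN_STICK = UsbDevice("0781", "5567", "", ("08:06:50",))
STICK_WITH_HID = UsbDevice("046d", "c31c", "KB-0001", ("08:06:50", "03:01:01"))

KILL_LOG: List[str] = []  # records what the simulated kill action would do


def simulated_kill(dev: UsbDevice) -> None:
    # Stand-in for "drop to BFU": a real implementation would lock and reboot.
    KILL_LOG.append(f"lock_and_reboot: {dev.vendor_id}:{dev.product_id}")


def run_demo() -> dict:
    """Return the decision for each sample device under both modes."""
    block = UsbPolicy(ALLOW_LIST, "block", simulated_kill)
    kill = UsbPolicy(ALLOW_LIST, "kill", simulated_kill)
    return {
        "block_known": block.decide(KNOWN_KEYBOARD),
        "block_unknown": block.decide(UNKNOWN_STICK),
        "kill_known": kill.decide(KNOWN_KEYBOARD),
        "kill_unknown": kill.decide(UNKNOWN_STICK),
        "kill_badusb": kill.decide(STICK_WITH_HID),
    }


if __name__ == "__main__":
    for name, verdict in run_demo().items():
        print(f"{name}: {verdict}")
    print(KILL_LOG)
```

The point worth noticing is that the allow-list is identical in both modes; only the response to an unknown device changes, which is why a kill-switch is a small extension of a blocking policy rather than a separate mechanism. A serial-less rule (the hub above) is deliberately weaker, since vendor and product IDs are trivially cloned.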