unobomber oh. My mistake. I wasn't considering phones that have bootloader unlocking disabled by a carrier. I was thinking of phones that already have GrapheneOS on them.
I went into a deep dive on this a long time ago. It's possible the setup is still the same. Pixels with the Stock OS have to check against a remote service if bootloader unlocking is permitted. It's not possible to enable bootloader unlocking with the internet disabled. Blocking the phone's access to the server doesn't work either.
I read online that there is a command that can be sent to the bootloader along with a PIN/password/something, but I was never able to confirm this. I suspect it was possible before, but now (also not sure but suspect) Google and carriers fully rely on controlling bootloader unlocking ability via the aforementioned remote service.
As far as I know, there's no publicly known way to bypass the bootloader unlocking restriction.