Sinai, I am not an expert on all things mobile security and privacy (S&P) to say first, just your average user. But over the last few years, and mainly over just over a year of using GrapheneOS, my understanding of S&P-related things has changed drastically. I used to be just as paranoid as you are (and don't take it the wrong way). In my approach to personal S&P I have taken the following steps.
I have dumped the desktop environment. After a careful, deliberate and lengthy consideration of all alternative mobile OSes I have made the right decision of choosing GrapheneOS on a supported device. Verified my installation. I have not tampered with the installation or system files, and have not rooted my device to gain additional features. I have developer settings enabled with the sole purpose of viewing running (and cached) processes. I subscribed to stable updates for the duration of device support. I have no intention of using it past the support period and will get a new supported device when it ends. That's the OS out of the way in short.
I live on my own so I am pretty sure my home does not contain any tracking or monitoring equipment. But in your case you might consider doing a complete sweep of your property for any such equipment.
I use a physical SIM card for the lack of trust in Google Play Services, without which eSIM is out of the question. All my internet traffic is encrypted by a trusted always-on (block connections without VPN) VPN service to avoid being snooped on by my ISP. When I am at home, I connect through my home WiFi router.
I use Vanadium for browsing, refuse cookies by default. Where I can't proceed without accepting, I stay away. Wherever possible I use websites for services like email, banking, booking, shopping etc. But generally I try to use as few services as possible to keep me going (online data breaches). Lack of Google Play Services means some notifications are not provided but I like this proactive approach rather than reactive where you act upon notifications, resulting in more frequent interactions with your device.
I do not use Bluetooth and WiFi scanning. I use a standalone semi-dumb smartwatch that doesn't connect to my device. I don't use location services apart from rare moments when I need it via Vanadium (OSM).
I have very few (absolutely necessary) apps on my phone. I back up data onto a USB stick, which I store in a safe place, or use Proton Drive in rare moments when I need to upload and share something.
You may think the space I operate in is pretty limited and restricted, but I can access pretty much everything to allow me smooth sailing through life. And I hope you can do the same too. Many things I haven't touched upon for the lack of time (plague of a working man).
Have a good day, keep a positive attitude, great things come from it.