GraphyGraphy donovxn
I believe this does work as you expect but you are right to observe that apps already installed with Aurora do not show up in the Sandboxed PlayStore (until you install an updated version of the app with PlayStore)..
I just (re)tested your scenario: an Aurora installed app I had not updated, and not showing in PlayStore, was updated with PlayStore and now shows as installed by PlayStore and shows in the PlayStore' Manage Apps' list.
Like you, I first started using GrapheneOS with Aurora. I have used Aurora for some years to avoid needing a Google account (and even on BB OS to get around the lack of GooglePlayStore). However, I have never liked using Aurora Store because I think it would be possible (in theory) for Aurora to install a compromised app. I wanted to avoid this threat when I started to use banking apps and travel apps with credit card payments.
As I think you have also identified, it is very elegant to use a Primary Profile sandboxed Google PlayStore to install and update all apps for all profiles and then push them to a Secondary Profile. The Google Play stuff can be left disabled except when updating and installing. This also works for me using f-droid basic in the Primary Profile and the same too for an old manually installed BB keyboard app which I push out to a couple of secondary profiles.