I have a few suggestions:
I'd likely use https://eylenburg.github.io/android_comparison.htm instead of the privacyguides article when saying "There are other alternative Android operating systems, but they don't have comparable security." as while the link above is a table which can't convey a ton of information in detail, it is much more up to date and covers more stuff and more OSes.
Starting with the Pixel 6, Pixel devices will receive at least 5 years of security updates from the date of release.
Should mention that starting with 8th generation devices, they have 7 years of support from launch instead of 5.
Never set up fingerprint authentication. Set a strong password.
This should be revisited once https://github.com/GrapheneOS/os-issue-tracker/issues/28 is implemented (it's being worked on as we speak).
Navigate to Advanced settings in the RiseupVPN menu, click Always-on VPN and follow the instructions.
It's important to note that "Always-on VPN" and "Block connections without VPN" are enabled by default on GrapheneOS.
Software That Isn't On the Play Store
On this section where you mention Obtainium, it might also make sense to bring up AppVerifier, which can be obtained via GitHub Releases (and therefore Obtainium itself), or via Accrescent.
Obtainium has introduced explicit support for AppVerifier so that when you download an app through Obtainium, it brings up the share sheet so that you can share the downloaded app with AppVerifier. This shows you the fingerprint of the signing key for that app, which you can independently confirm in a place that the developer publishes it, or, if it is in AppVerifier's internal key database, it will give you a success message automatically. When you're done verifying, you just go back, and Obtainium then asks you to install the app.
Settings → Security → Auto reboot: 18 hours or less
Given that the article concerns people with a reasonably high threat model, I think that an explicit recommendation to lower the 18-hour default (which we lowered to that from the previous 72-hour default) to something less is advisable. Unless someone needs to be able to receive Signal messages etc. during the night, it might make sense to go lower than 8 hours. When out and about, it might even make sense to set it to 10 minutes, which is the lowest you can choose.
When an app asks for storage permissions, select Storage Scopes. This will make the app think that it has all the storage permissions it is requesting, when in fact it has none.
Recommend linking to the usage section for Storage Scopes here, and Contact Scopes should be mentioned too. Exposing your contacts to apps might be a horrible idea depending on who your contact list contains.
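
The fingerprint comparison described in the AppVerifier suggestion above, as an added example that is not part of the original post and is not AppVerifier's or Obtainium's code: it reads the first signer certificate from an APK Signature Scheme v2 block and compares its SHA-256 to a published value. The function names and the sample APK bytes are constructed, and it assumes the published fingerprint is the SHA-256 of the signing certificate; it only reads the certificate, while checking the signature itself is left to Android at install time.

```python
import hashlib
import struct

APK_SIG_MAGIC = b"APK Sig Block 42"
V2_BLOCK_ID = 0x7109871A  # APK Signature Scheme v2

def take(buf, off=0):  # one uint32-length-prefixed field -> (field, next_offset)
    (n,) = struct.unpack_from("<I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated length-prefixed field")
    return buf[off + 4:off + 4 + n], off + 4 + n

def signing_cert_sha256(apk):
    """SHA-256 (lowercase hex) of the first v2 signer certificate."""
    eocd = apk.rfind(b"PK\x05\x06")  # ZIP end-of-central-directory record
    if eocd < 0:
        raise ValueError("not a ZIP/APK")
    (cd_off,) = struct.unpack_from("<I", apk, eocd + 16)
    # The signing block sits directly before the central directory.
    if cd_off < 32 or apk[cd_off - 16:cd_off] != APK_SIG_MAGIC:
        raise ValueError("no APK Signing Block")
    (size,) = struct.unpack_from("<Q", apk, cd_off - 24)
    pairs, off = apk[max(cd_off - size, 0):cd_off - 24], 0
    while off + 12 <= len(pairs):  # each pair: uint64 length, uint32 ID, value
        n, pair_id = struct.unpack_from("<QI", pairs, off)
        value, off = pairs[off + 12:off + 8 + n], off + 8 + n
        if pair_id == V2_BLOCK_ID:
            signer, _ = take(take(value)[0])        # first signer
            signed_data, _ = take(signer)
            _digests, nxt = take(signed_data)       # skip the digests
            cert, _ = take(take(signed_data, nxt)[0])  # first certificate
            return hashlib.sha256(cert).hexdigest()
    raise ValueError("no v2 signer found")

def matches_published(apk, published):  # accepts 'AA:BB:..' or plain hex
    want = published.replace(":", "").replace(" ", "").strip().lower()
    return signing_cert_sha256(apk) == want

def lp(b):
    return struct.pack("<I", len(b)) + b

def constructed_apk(cert):
    """Constructed test input: a minimal ZIP tail with a v2 block, not a real app."""
    signer = lp(lp(b"") + lp(lp(cert)) + lp(b"")) + lp(b"") + lp(b"")
    value = lp(lp(signer))
    pair = struct.pack("<QI", 4 + len(value), V2_BLOCK_ID) + value
    size = struct.pack("<Q", len(pair) + 24)
    body = b"constructed-entries" + size + pair + size + APK_SIG_MAGIC
    return body + b"PK\x05\x06" + struct.pack("<HHHHIIH", 0, 0, 0, 0, 0, len(body), 0)

SAMPLE_APK = constructed_apk(b"constructed stand-in for a DER certificate")
```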