In general, why would you expect the OS itself to request permission to access data like nearby Wi-Fi networks, cellular carrier info or similar data? The request would cpme from the OS itself. We don't really understand why this is so consistently misunderstood. If you're specifically enabling a feature like this, why would you be concerned that the OS does what's required to use it? It seems to be based on both a misunderstand of what the Location permission means and how location detection works.
Obtaining location data from satellites is a one-way transfer of information from the satellites. There is no connection or data sent to them. It's only A-GNSS and network location which involved network requests, and GrapheneOS doesn't have network location. It provides documentation about A-GNSS and control over it, but it mostly involves downloading static databases that are the same around the world (PSDS) and obtaining data on nearby cell towers for your carrier which we change to avoid providing IMSI or phone number. SUPL has multiple modes and the normal mode isn't a major privacy issue. Your carrier knows your approximate location when you're connected to their network based on which towers you're connected to and their signal strength, which is part of how 911 location detection works even without help from the phone.