Onion Yes, they can bypass the phone being locked and gain control of the OS. Lockdown mode doesn't seem to block them or they'd mention the limitation since this is documentation on using Cellebrite Premium. It's not meant for public consumption and is not marketing material, although their ability to exploit most devices does end up marketing their products simply by publishing it since they're doing a good job keeping up. They probably don't mind us posting it much.
How supersonic BF is possible on iphone XR/XS/11 ? couple years ago checkm8 team found a flaw on secure enclave (up to iphone X) and apparently Apple did the job to remove the flaw on new iphones
There's no sign of Apple preventing exploitation of the secure element. iPhone 12 and later added an additional layer of security for the brute force protection. The main portion of the secure element is probably still getting exploited, it just doesn't bypass this. Cellebrite could therefore still bypass most of the secure element features but they have no need for it.