asdsadsad updates have to be signed with the correct key for the phone to accept them. Like, I can't just try to sideload an update from the Stock OS. It just won't work.
The update/release server doesn't build or sign releases/updates. A "rogue dev" can't do anything. All pull requests are carefully looked at before merging.
You are more than welcome to disable the updater app and update when you wish to by re-enabling the updater app or by sideloading updates.
You can learn how to do both here: https://grapheneos.org/usage#updates-disabling (and the following section on sideloading)