Quotesquestioner This question is not about trust.
I can understand why you'd want to start off with this, but given the question, I think it actually is about trust, in a way. If GrapheneOS were a new project, then how would you know that you can trust the project? Anyone can throw together a features page that seems at least somewhat convincing. If you spend enough time in the community, whether it's here on the forum or the chat rooms/channels, you'll find that we regularly have people asking for advice about other projects that are known to have issues or are outright scams. So, it really isn't hard to convince people of something. I think you know this and is part of the reason you're asking this question.
GrapheneOS developers, on the other hand, are very open and talk about the pros and cons of AOSP and things that GrapheneOS wants to improve. There are a number of issues that are talked about openly within our communities, but you don't see often in other communities. A couple examples that quickly come to mind are: IPC (apps' ability to communicate with other apps), and apps being able to send multicast packets outside of the VPN (something that was recently fixed by GrapheneOS, but had to be rolled back due to some issues that were encountered). I'm not sure why other projects and the people within their communities don't really talk about these or other issues.
I'd suggest you read through the history page on the website. You will see that the project has been going for a long time and has even survived a takeover attempt. The project continues to be open source and is well-known and respected.
With all that out of the way, I think that some links to public announcements made by the project will show you just how open the project is about issues they find or are made aware of and what they're doing to address them.
It should be pretty obvious that GrapheneOS developers don't just fix problems for their OS, but they also report issues upstream. You'll find that the project has integrity, is honest, and open. When they know about a problem and it's within their power to fix it, they do so as quickly as possible. So, no, they don't know how to hack your device. They're too busy making the OS as private and secure as they can.
Now to answer a few other questions directly...
Quotesquestioner Or are all known wholes stuffed to the end with great security features?
Not sure I understand this part. GrapheneOS doesn't do security theater, so known issues are dealt with completely. They don't release half-baked fixes and call it a day. Examples of this include the duress feature, which they didn't release for a long time because they do things right, and a planned app communication restriction feature that's been in the works for a long time now for the same reason.
Quotesquestioner i would want to know which system apps i could deleate/disable/deniepermissions, when i want to use the phone as wifi only.
None of them. Don't mess with system apps. Don't disable them or mess with their permissions. Just use airplane mode and enable wifi.
Quotesquestioner In that case i dont need any app related to sim card carrier esim phone contacts and so on. I dont will ever need any of them and if it reduces attack surface i would want to deleate/disable and so on all this apps.
None of this is necessary.