So there is a good discussion on Github (https://github.com/GrapheneOS/os-issue-tracker/issues/4557) but I would like to mention something different. Current concern for GOS is not to brick devices because of this but is Google any better at that either? Yes, it offers a recovery method but that's not a full proof way of a solution to this scenario. Recovery methods are also not that reliable. They never are! There are many situations where someone forgets the phone number, recovery codes, 2FA app, or recovery email! Even MS's implementation of BitLocker has this downside in enterprise setting. Saving a recovery key somewhere safe is only reliable as long as that service itself is accessible.
What GOS team can do is informed users of the drawbacks of enforcing such security measures. (If anybody is aware than many phone companies are now locking down entire access to recovery environment with user password!) There are many good points there in that discussion so first I'd suggest everyone to read it and spend some time.
So here's some suggestions and please you're welcome to criticism too.:
Include an offline recovery method. Recovery methods can suggest users to use their extremely private info such as numbers from Government issued identity cards, mobile numbers etc. which are usually gonna remain same even is someone is dead! So at least their family members (friends etc.) would be able to access the phone if need arises. Users must get a warning as mentioned before, to enable FRP. Everything here is offline only so data is not even saved by remote servers.
I will also tell a ground report on how Google's FRP protection is actually working in real world. Person A loses the recovery method (didn't set or forget). Simply goes to physical support solutions with invoice copy (even Google has this info if you lost it!). They verify and reset the device from their end. Back to normal. This is how it's happening today. People are not worried about Google data but more about their social data accounts.
GOS team should understand that users opting for this are "usually" tech savvy and not an average fellow. In most cases, they know the outcome of enabling such advanced features. A bricked device should not become such a roadblock to complete peace of mind with FRP on.
So in short, GOS team need to provide such option with precaution.