Stewart From a security and privacy standpoint, is it better to enable and force these options, or leave them disabled by default?
From a security perspective it is always better to have fewer features enabled, as that means less attack surface, and thus less risk of getting hacked. But from a privacy perspective using 4G/LTE or higher makes more sense, as 2G and 3G has known privacy weaknesses. Therefore, the GrapheneOS team has recommended to set your network mode to "4G only".
As for carrier overrides, most users never need to touch or enable any of them. But if your carrier is not doing phone calls and SMS over 4G, despite doing data over 4G, you might need to force enable VoLTE, so that you can then disable 2G and 3G, and put "4G only" mode, and still be able to make and receive phone calls, and send and receive SMS.
I would disable VoWifi, unless you absolutely need to be able to receive phone calls when in airplane mode with Wifi.
Stewart What are the possible consequences of having all of them enabled at the same time?
If this question is about the carrier overrides, enabling them does not in and of itself decide whether each feature will be enabled or disabled. That is controlled by the regular settings in the SIM settings.
Eg, setting network mode to "4G only" would naturally disable 5G and VoNR.
Stewart Could this cause any issues or conflicts with mobile carriers if these features are manually forced?
Yes. Most users should not touch or enable the carrier overrides. Only do that if you cannot make phone calls in "4G only" mode, or if you specifically need 5G or VoWIFI, and those aren't working without you forcing them using carrier overrides.
It might improve the situation for you, or make it worse.
Stewart In the network settings, is it better to keep the default “5G (recommended)” mode, or switch to “4G/5G only” for a better balance between security, privacy, and stability?
I would recommend the "4G only" mode to get minimal attack surface, and maximum stability and battery life. 5G exposes more attack surface, and coverage is poor so usually is more unstable and uses more battery. Arguably, 5G is also less audited, but I think GrapheneOS team said they consider it audited enough by now to not have any real concerns about that.
Note, the "5G (recommended)" setting enables all of 2G, 3G, 4G and 5G. The "recommended" word here is for maximum compatibility, so you have coverage even when far away from any civilization where only 2G might be enabled and such. It is not the recommended setting for maximum security or privacy.
Stewart Regarding security and privacy, is it safer or riskier to make voice calls over Wi-Fi compared to using the mobile network?
Having both VoLTE (voice over 4G cellular) and VoWifi (voice over Wifi) should be more attack surface than having only VoLTE enabled. Privacy, without knowing, I assume they are implemented in very similar ways with regard to encryption and such.