lawman I read that at rest lockdown mode is more secure than after owner entered pin once, so thought there were security different levels?
I think "at rest" and "lockdown mode" are different things. "Lockdown mode" disables fingerprint unlock, but it does not place anything "at rest", which is typically used to indicate that the encryption key for some body of data is not available.
The situation between boot and the first unlock is called "before first unlock" (BFU), which has nothing to do with "lockdown mode". In BFU, the data for all user profiles is at rest. Some settings information, such as language selections, Wi-Fi passwords, and alarm settings, is available from "device encrypted" storage.
I don't think "security levels" is a useful concept here. It probably makes more sense to work from which keys are/aren't available.
lawman How would somebody try to gain access to secondary profile data without opening an owner profile first?
At present the Android UI does not enable that, but that may change. For example, some people would like a "child mode" which would allow a non-owner profile to be unlocked before the owner profile. Getting that to work would require a variety of changes, but would not require a change to encryption.
lawman The usb Comms are shut down unless they can remove and access the storage data directly?
The USB-C port has multiple pre-unlock options. And it is indeed possible to extract the storage.