Certificate settings are unclear (curious)

Watermelon

Hello, I have some questions out of curiosity.

In Settings > Security & privacy > More security & privacy > Encryption & credentials, there is this option:
Clear credentials: Remove all certificates
Does it remove or disable any of the system-trusted CAs? I tried looking up clear info about this, but everything I found was either confusing, ancient, or low quality articles. The wording suggests it would, but common sense suggests it wouldn't, but I don't wanna test this on my personal phone. What if I disable one of the system-trusted CAs and then tap this option, would the CA be removed?

There's also this option:
Trusted credentials: Display trusted CA certificates
Inside it, there's a System tab and User tab.
Besides this option, there's this:
User credentials: View and modify stored credentials
I believe the difference between the User tab in the first option and the User credentials option is that the former is for public CA certificates, presented by remote services to authenticate to the user, that the user chooses to trust, whereas the latter is for certificates containing a private key, presented by the user to authenticate to remote services. Is this correct? Does the Clear credentials option clear both of them or only one of them, and which?

Which apps use the OS trust store, and which apps use their own? Do the APIs provided by the OS for third party apps use the OS trust store? Does any GrapheneOS preinstalled app use its own trust store instead of the OS's?

Thank you.

Watermelon

Watermelon Clear credentials: Remove all certificates

I did further research, and what I discovered (I'm unsure) is: the keys held in the Android KeyMint (such as Auditor pairings) are internal to apps and unaffected by using this option; this option only concerns the following option:

Watermelon User credentials: View and modify stored credentials

Which is the Android KeyChain. The difference, I presume, is that the KeyMint creates and manages keys for apps transparently, whereas the KeyChain is like a literal keychain to hold the user's keys in a user-facing way to use across different apps (like different doors).

Is this correct? I don't want to lose Auditor pairings. And I don't want to do a factory reset :( I'm tempted to press it to see what would happen anyway but I'm scared.

Does anyone know the answer to the rest of the questions? Thank you

Watermelon

Watermelon Do the APIs provided by the OS for third party apps use the OS trust store?

The OS allows apps to include a special network configuration file that governs the app's use of OS APIs, by default it disallows usage of user-installed CAs and some other stuff.
https://developer.android.com/privacy-and-security/security-config

Onlyfun

Watermelon nothing happens. System certs are still there. Only observable consequence is that Clear credentials button becomes greyed out. Not so sure of impact on auditor's pairings.