Carrier WiFi xalling uses IPSec tunnel, which is an old and insecure VPN protocol and usage of WiFi calling opens you to more attack surface - https://www.cse.msu.edu/~ghtu/published-papers/Xie-WiFi-calling-TMC-2020.pdf . I suggest fully disabling carrier WiFi calling. That way your carrier doesn't know the IP address of WiFi network to which you are connected.
Each carrier uses its own domains for WiFi calling and your phone should only try to resolve such domains if SIM card is inserted and active, but your phone continues to try to resolve those domains when connected to WiFi in Airplane mode even if SIM card is disabled + WiFi calling itself is disabled! That happens even if you remove SIM card and fully reset all network settings. The only way to stop your phone from trying to resolve such domains when connected to WiFi is to perform full factory reset and never insert a SIM card. If you insert SIM card and connect to your carrier network just one time after full factory reset, then your phone remembers your carrier. I think if you insert a SIM card from a different carrier, then it forgets previous carrier's WiFi calling domains and starts using new carrier's WiFi calling domains. This is already reported to GOS developers and marked as upstream Android bug (not GOS bug).
There is more (and none of it good...) Carrier WiFi calling doesn't use specified private DNS servers from Android settings. It uses WiFi network's specified DNS addresses. As mentioned earlier, If WiFi calling is disabled, attempts to resolve carrier WiFi calling domains over WiFi continues. That means the WiFi network to which you connect immediately knows that someone with phone with your carrier is connected to it, even though no actual carrier WiFi calls are possible when its disabled. That in itself is a non-unique identifier, but still an identifier that narrows things down... The only way around that is to connect to your own WiFi network that blocks carrier WiFi calling domains via local DNS server/forwarder (like Pi-Hole) and/or IP's to those domains. That is of course not an optimal solution. The optimal solution is to have Android disable carrier WiFi calling domain resolution when carrier WiFi calling is disabled. Unlike the idea of tunneling all carrier phone calls via local interface that forces the phone to think that mobile data = WiFi connection and further tunneling inside VPN tunnel, forcing Android to not resolve any carrier WiFi calling domains over WiFi connection when carrier WiFi calling is disabled shouldn't be that complicated. I can accomplish that, but only when bootloader is unlocked and phone is rooted.., which kind of defeats the point of hardened security.