Google has just announced they backported the photo picker to every Android device with KitKat and later using Play Services, allowing developers to request access to just the photos and videos they need, without READ_MEDIA_IMAGES and READ_MEDIA_VIDEO permissions. However it's still up to the developer to implement the feature.

https://android-developers.googleblog.com/2023/04/photo-picker-everywhere.html

It would be really neat if GrapheneOS had a forced photo picker as an alternative to media permission, just like forced storage scope. I think it would also be more secure, as an app that may be compromised while having media permissions can access all media, but not when using photo picker.

Its already possible to not grant the permission and enable storage scopes and pick files/directories for apps to access, when an app asks for a media permission.

If the new forced media picker functionality is included in the final release of AOSP 14 i think it will most likely also be included in the GrapheneOS 14 release