avidgrapher If I was demanded by customs to unlock my phone, and I unlock a decoy profile..
what data can they access from that secondary profile?
They would only be able to access the data from the profile you provide them. Since you mentioned a secondary profile, they could log out and go back to the Owner profile - which is best practice to leave completely blank or as a template for all other profiles.
Like what OldSurehand said, if they know the existence of other user profiles, they could ask to see the other profiles as well. Deleting the profiles before they can check them would fix this, but of course, there would be data loss.
avidgrapher are the two profiles data encrypted separately?
Profiles are stored with different encryption keys as the source treequell provided says. Deleting the profile purges all secrets of the profile from the secure element, meaning there would be no artefacts to examine - only unreadable, encrypted data.
avidgrapher would it be more "safe" to log out of my main profile? (to mitigate against RAM dumps)
If the "main" means the profile you use at boot, the owner profile cannot be logged out. Once you unlock it, it remains in the after first-unlock state until the device is turned off. Regardless of this, the owner profile cannot access the data of other profiles.
If you mean a secondary profile, signing out of the profile from the button at the bottom of the unlock screen will turn the profile off and purge keys until the user signs in with that profile's authentication method once.
You should not worry about memory dumps or high level extractions - these are only possible with much older and less secure devices or if your Pixel was a rooted device, which GrapheneOS doesn't allow you to.