You can grant apps one-time location permissions. There are of course also global toggles for location, Bluetooth and other things like the camera and microphone.
In my opinion, what you see as "privacy measures" that you're achieving with root doesn't really amount to much when you've sacrificed your device's security, which in turn makes any perceived privacy benefits null.
I'd recommend checking out https://grapheneos.org/features to see what GrapheneOS provides over standard AOSP if you haven't already, and see if that fits what you want.
P.S. If you do decide to root your device while running GrapheneOS, we can't help troubleshoot anything or provide support. It's an explicitly unsupported setup, and in most ways, you wouldn't even be running GrapheneOS anymore.