rigor-us That's slightly better, but really, a primary use for different profiles is when you need the same app "twice." Let's say I need Application X for a private use and Application X for a public use. In such a case, most users in this situation would not want Application X to have such a simple way to determine they are on the same device.
Indeed. But when it comes to DRM for copy-protected media, the people who play that game actively don't want one device to be able to appear as two devices. For example, if they have a free trial period, they don't want people to be able to get an infinite stream of free trials by just creating new user profiles on one device. Reading between the lines, it appears that Google and media companies made a compromise, that a factory reset causes a device to become "fresh", but that less-annoying things cause the device to retain a single identity per media provider.
If an app (or web site) that is not providing copy-protected media is inquiring about Media DRM i.d.'s, that would presumably be for illicit fingerprinting. If GrapheneOS were to alert the user, that might be useful; if it were configurable to reject requests, that might also be useful. Luckily the existing "grant/deny/allow-once" infrastructure seems applicable.