It is important to note (due to the comment above regarding "Sandboxed Google Play sounded too good to be true") that on GrapheneOS, the Google Play apps can only access/do what every other app you install can. That's the entire point of the approach. They're made to work within the regular app sandbox. If Google Play can do it on GrapheneOS, so can any other app.
Therefore, when evaluating whether it's the approach you want to go for, when asking a question about what Google Play can and cannot do on GrapheneOS, you can instead ask "can a regular app do X?" instead, and the same thing would apply.
In my personal opinion, for the vast majority of people/use cases, using Sandboxed Google Play on GrapheneOS is the way to go. Using Aurora Store can make sense sometimes, but mostly doesn't, especially given how unreliable it is as of late (I'm only really evaluating Play Store and Aurora Store as a Play Store frontend here, because realistically almost everybody is going to need to download an app that's only available there at some point).
I'm assuming that you've read these already, but just in case you haven't done so yet, or for future reference for people who may find their way here in the future, please give two sections on the website a read to get a better understanding of the design philosophy and implementation of Sandboxed Google Play:
https://grapheneos.org/features#sandboxed-google-play
https://grapheneos.org/usage#sandboxed-google-play