Sadly that isn’t really enough today - since many applications will refuse to function if SafetyNet fails because you have some non-standard image running.
There's likely a statement in Play Services ToS for vendors to do all things possible to prevent bootloader unlock/relock flow from happening - reasoning from the fact that yellow AVB state is non-existent outside Pixel devices.
Maybe it goes as far as for SoC vendors, as well.
So far, outside of Huawei, no top tier hardware vendor ever decided that denying Play functionality to their users would be profitable - also all Mediatek based devices are basically licensed by mediatek afair, so there's no chance of, say, Vivo/Realme suddenly deciding to ditch Play and do bootloader relocking.
Also the possibility of postmarket devices running non-bloated OS is a loss for a vendor since it both reduces the appeal of whatever next "+1% cpu +1% battery" lineup update (and its a bad idea to sell 200k "good device model 1" rather than 100k "bad device model 1" and "bad device model 2", because PR/stocks/whatever) and increases the possibility of having users dissatisfied with the brand name because battery/flash degradation is still a thing.
That's not a problem and not getting fixed by diverging farther than android. To date none of my apps have required that, including my banking app. Even so, loss of some financial apps is a small price compared to loss of social and dating apps, public transit and health apps, and more.
iNaturalist publishes an open source android app to complement their very functional website, and honestly I would give up all of GNU for that one app.
Maybe this is less of a thing outside the UK but the banking apps absolutely is a problem for me. I have banks that only have apps, no websites, or require the app for 3ds that will refuse to open with safetynet failing. It's not even just safetynet, at least one of them has it's own seperate tests to stop it working.
This is the only reason for me (and presumably a fair few others) not to be using Lineage, I can do without google wallet etc but I can't do without access to my own bank accounts
Sure, that follows and I agree that most people probably won't find it to be a dealbreaker. But your OP said it wasn't a problem in general. I would advise against ignoring it and treating it as a non-issue because more and more apps are adopting attestation. There is absolutely no guarantee that the apps you depend upon won't just suddenly start requiring attestation (and old versions likely will stop working, as forced updates have become very popular on Android).
If you're asking what the solution is, I'm not sure, but sticking your head in the sand isn't a great way to handle it. GrapheneOS thinks that suing Google might be the way to go: https://news.ycombinator.com/item?id=41119047
I don't perceive Waydroid as slow on my Librem 5 at all, and apps tend to work well within it (playing some ad-riddled games from Play Store on a GNU/Linux phone, out of curiosity to see whether they'll work, was an interesting experience) - with the exception of remote attestation and peripheral access, which, of course, greatly limits the possible use cases.
The former isn't really something that could be fixed, but for the latter I've just had NLnet's funding accepted for a project that's about better integration of Waydroid with the host OS, so hopefully I'll be able to make some progress in this area in the coming months. My personal goal is to be able to download a local public transport app and be able to buy a ticket, which includes scanning an in-vehicle QR code, without much fuss.
What we need is more devices that allow unlocking the bootloader and rewriting the keys.