I've been using GrapheneOS since the Pixel 3a and this is the first time I'm hearing of such an issue. To me, the ability to relock the bootloader and rely on verified boot is a big security advantage compared to other custom ROMs. I would not want to give that up lightly.