Native Wayland apps run great. Can't say the same about those using XWayland, as most of them suffer from graphical glitches and flickering (especially Steam and Minecraft). Secure Boot works with some manual configuration.
you can run an ArchiveTeam Warrior on your server and choose the URLs project. if i understand correctly, the Warrior will continuously visit randomly discovered websites to download their contents and upload them to a server that later feeds the data into the Internet Archive. best of both worlds - your ISP has a harder time distinguishing your real traffic from the ArchiveTeam-generated one, and your server is actively contributing to IA.
GrapheneOS has sandboxed Play Services which basically means they run just like a normal app on your device and you get to choose the permissions they get. My bank's app works with it too (no GooglePay tho). It does require you to get a Google Pixel phone though, which might defeat the whole purpose for some.