A trust chain beginning at the bootloader is what will ultimately enable this API, though, because that's what SafetyNet/Play Integrity API relies on. If you don't have a locked bootloader, or you're not running stock Android, you won't pass SafetyNet/Play Integrity (at least the higher tiers of it).
To take your GrapheneOS example, apps wishing to support it must add GrapheneOS keys: https://grapheneos.org/articles/attestation-compatibility-gu...
If this proposal goes ahead, it's unlikely that you'll be able to convince site owners and/or ad networks to add the keys of your open source OS.