They just don't support it because it's an immense risk (in my opinion as well).
The other thing, reliable backup is slowly in the making. As I understand there's not enough devs to work on it right now.
This won't be signed with the right attestation key because I'm not them.
My understanding is that attestation is tied to the distribution's private key, so this government software wouldn't trust my version of the OS, assuming the govt could be made to understand Android's attestation framework is a vendor-neutral way to achieve the same goal (whatever goal that may be). With a rooted GOS, I'd still need another device, tied to my government identity, of which I can't verify what it's doing, much less control it
Of course it won't pass the attestation.