2. Bootloader locking matters because many (most?) apps will just refuse to run.
3. Why? Because Google built up the attestation API which severely handicapped those 99.9% of devices from running custom roms.
4. Even on the 0.1%, the Google pixel, it won't pass full attestation - so some really picky apps like banking won't run. Only stock android untouched will run those apps.
It didn't use to be this way 10 years ago.