No, Play Integrity intentionally checks if it’s a Google-approved key. Android itself has an API to check verified boot and gives info on the signing key - most devs just want to know verified boot is working.
I feel Play Integrity has a short life ahead of if competition authorities realise how exactly it works. “Anti-competitive” is the first thing policy-minded folks think when I explain the API to them.
For GrapheneOS, it’s primarily that it’s re-lockable. That’s why other unlockable phones aren’t supported.
The GrapheneOS install process sets new OS signing keys so you can lock the phone again and get full verified boot. However, most manufacturers haven’t implemented this feature.
I think it might be confusion between inspecting plaintext metadata like SNI vs actually inspecting encrypted contents (e.g. HTTPS content, headers, etc.).
Ublue also has Asus-specific variants which I assume probably has some compatibility fixes added in that would have to be installed manually in most other distros.
Since you use VS Code I’d strongly recommend the developer variants of ublue, which are only available for Aurora and Bluefin, as it gives you a preinstalled VS Code which will be a better experience than trying to install it after the fact. (if you go to the download page for them, answer “yes” to “are you a developer?”)
For minimum learning curve, use Aurora over Bluefin as the UI is more familiar. Also, make sure you pick the Nvidia option for the GPU question.
From what I’ve heard at work and from others, MS uses version queries to stall tickets because they constantly release updates that they can point to and say “you need to update before we can help”.