You can kinda do that with Pixels and Sony Xperias only, because last I recall, they implement Android Verified Boot correctly (or non-draconianly), specifically avb_custom_key.
From a security and freedom perspective, I actually like the restrictions of the Android platform if implemented as Google intended, which means allowing you to roll your own ROM and relock the bootloader with your own keys. Android itself has among the strongest security models for a consumer platform, again if implemented as Google intended (which is why GrapheneOS only supports Pixels). You're actually not supposed to root your phone because that opens up a large attack surface.
It's inconvenient for customization, sure, but you can still wipe the phone and roll your own system. It's a matter of the workflow to do it.
From a security and freedom perspective, I actually like the restrictions of the Android platform if implemented as Google intended, which means allowing you to roll your own ROM and relock the bootloader with your own keys. Android itself has among the strongest security models for a consumer platform, again if implemented as Google intended (which is why GrapheneOS only supports Pixels). You're actually not supposed to root your phone because that opens up a large attack surface.
It's inconvenient for customization, sure, but you can still wipe the phone and roll your own system. It's a matter of the workflow to do it.