There's no point. Remote attestation means your device needs to be corporate owned to be trusted. Even if you had your own linux phone, it wouldn't be able to interface with institutions such as banks and governments. They trust Google's keys, not yours. This doesn't quite end free computing, it just kills it for normal people and ostracizes us hackers who insist on owning our systems.
Not sure what gov require, but most credit unions do not use such lockdowns
They will.
Credit unions, at least in theory, are known for caring more about their customers. It'd be worth explicitly giving them the feedback that you use them via their website or via an app that works on an Open Source phone, and telling them that that's one reason you're a customer.