We had to go through each of these apps years ago to figure out what we would be missing from excluding them. We knew Showcase was disabled at another layer and we're very aware of the CarrierSettings system for distributing APN and other carrier configuration data since we had to make our own implementation:
It's also in the MVNO configuration. We update these carrier configurations via an adevtool command we made for fetching them from the relevant Google Play API similar to their CarrierSettings app and include those in GrapheneOS instead of just using the ones extracted from the latest Pixel stock OS, so this less delay than checking it in the stock OS factory images since it's fully up-to-date as of the last time we ran the tool which we do at least monthly after the new AOSP / stock Pixel OS release.
The packages being disabled is nearly the same as them being uninstalled and installed on demand, meaning the overall set of apps is only actually a real world attack surface for Verizon / Verizon MVNO users.
On GrapheneOS, since we expand verified boot, apps like this having privileges granted them enabled/installed adds some trusted persistent state we don't want to have but that's not relevant to the stock OS which has a narrower goal for verified boot and doesn't get impacted by this. We do various things to reduce trust in persistent state but this is still far from something with real world relevance, it just has a theoretical relevance if it was included on GrapheneOS which it never has been.
It's been refreshing to read through the GrapheneOS threads on this and see some actual evidence-based discussion.