It shouldn't be difficult for a custom ROM like GrapheneOS to make the user explicitly allow a microSD card to be mounted if that would cause any security issues.