It would certainly be preferable to use two devices in this context, but first verify that the apps in question actually use the Play Integrity API, and that you can’t replace them with websites. For myself, I use a Pixel with a custom ROM, and I’ve never had any problems. Of course, it could get worse over time, it depends on the policies of the developers.

Taking your requirements at face value though, iPhone is definitely the correct choice. For the longest time, it was google wants your data but doesn’t care about control, while apple wants control over what you do (to force you to buy their other products) but doesn’t care about your privacy one way or the other. Of course, in the past few years, they’ve both taken some of each other’s worst attributes, but I still think iPhone is marginally better on privacy in stock configuration.

There are definitely ways in which apple is worse: they track your location while your device is powered off, not merely whenever it’s connected to a cell tower or wifi network, and I think they still scan photos uploaded to icloud (but that last point could be out of date, somebody correct me if so). But all that can be worked around if necessary, and in any case it’s not as bad as stock android.

Finally, consider how much has to be tied to your phone at all. Maybe your government apps need to be on the phone, but maybe social media and wikipedia can be primarily used on your laptop, loosening the requirements somewhat. Maybe email can go to your x86 boxes only, even if facebook messenger doesn’t. It depends on your situation.

Do you know of any zero-knowledge providers that are both (a) trustworthy for my own purposes, and (b) unlikely to go to spam?

Like you said, the incoming messages aren’t encrypted, so “zero-knowledge” is always sort of false advertising. Also, if I have to use some weird client, that isn’t good. I do value convenience, especially for email; chasing diminishing returns just isn’t worthwhile, and if possible I’d like to not use both, as I am now.

Consider if a theme could accomplish what you want: It seems like they all use firefox under the hood, and if all you want is appearance, you shouldn’t need to change your entire browser. Keeping in mind that a smaller fingerprinting pool is less anonymous, if you care about that.

I haven’t actually used any other than librewolf though, so if switching provides any features you care about, go for it.

This is so cool, yet another great advantage of the Netherlands.

Finding previously existing services is a great idea, thanks for the link. Here’s hoping I don’t get too much spam as a result. (but at least I can block individual customers addresses)

To the extent that you still need to use standard apps, consider disabling your advertising ID. EFF has a guide to this at https://www.eff.org/deeplinks/2022/05/how-disable-ad-id-tracking-ios-and-android-and-why-you-should-do-it-now

This won’t stop google of course. You should probably also install a firewall, like other people here have suggested. And keep in mind, disabling features entirely is different from not using them. For example, if location services is turned off, then even google maps doesn’t know your location (in theory anyway), whereas if it is merely unused then google will still check periodically.