I read a post here a while back claiming that graphine is less private but somehow more secure. Of course the only person I have to ask is the graphine Matrix who claims are the opposite of this. Generally my main concern about Calyx is it’s Fake google play thing. Apparently this is less private than graphineOS’s sandboxed google play since it is still connecting to Google, and is just as privileged as Google play usually is.
You would have to build GrapheneOS yourself from the source I believe as there is no built version of it with MicroG. Check out this Github page
Magisk + LSPosed + FakeGApps LSPosed module + MinMicroG project. You have GrapheneOS with microG. Loose in security, but boost in privacy.