
Yes, that's going to be relevant in about 7 years. In the meantime, Google should just include a trust store in their browser. Of course, Project Treble was supposed to save us by now.

IMHO, Google really should work on reducing the OS to the minimum needed, and make it possible for apps to share dependencies. If App A and App B use the same X, it doesn't really need to be downloaded and stored twice. For X including CA bundles, libraries, etc. Then you push Play Store publishers to update libraries and whatnot to what is commonly installed.



I like to build portable static executables, so I embed the CA roots in every executable I build that needs to talk HTTPS. It'd be great if there weren't so many mom-and-pop shops in the certificate authority business. It just boggles my mind how the Internet hasn't fallen apart, considering the only thing you have to do is compromise something like a printing shop in France that runs a CA as a side hustle.


I currently run Android 11, and I went through a while ago and disabled any CAs that were hinky or I didn't like what nation they were associated with. AFAICT, there was nothing at all that broke after I disabled so many of these trust anchors. I am not sure if the GP is saying that bundled root CAs can override OS-supplied trust anchors, particularly any which have been manually and administratively disabled, but that would be a disturbing, yet helpful, thing to know.


Well, it takes a bit more than that to get into any meaningful distribution.


If that were true, then it wouldn't have happened.



