Not sure who is "we" here, but yes I agree, a general purpose customer phone can't be considered secure against state-level hackers, there MUST be tradeoffs.
As an example, I consider that a secure phone MUST have boot-time full disk encryption passphrase, which needs to be different from lockscreen. For obvious reasons (which is that the user will tend forget their password), you can't have this even as an option on general purpose phones.
That being said. GrapheneOS is IMO a pretty good option wrt security (like they chose to disable JIT, which impacts performance, but supposedly improve security), even though lately their focus is no longer security for business reasons.
Architecture-wise, the best smartphone are pinephones/Librem, because of separation of modem (which is in the case of state-actors, an actual danger), and you can force encryption of all communications (it's even possible to do VoLTE encryption CPU-side rather than modem-side), but I think at the moment their OS really lags behind Android when it comes to security.
Their latest developments are about making GrapheneOS more usable, not more secure. Like they are working on a camera app, and our integrating Google apps. (Don't mistake me, I totally respect them for what they are doing)
What are the options now?