One of the reasons why Purism publishes both the schematics and x-rays of their phone is that customers can independently verify that nothing has been added to the phone’s hardware. It is planned that the Librem Key will eventually support the Librem 5 to detect tampering in the software.
PINE64 operates out of Shenzhen, Allwinner is headquartered in Zhuhai, Guangdong and Quectel is based in Shanghai, so the companies that designed the PinePhone and made its processor and its cellular modem are all Chinese. However, I don’t think there is much risk of the Chinese government slipping chips into a PinePhone, like it did with Supermicro servers, because important targets are not buying a phone designed for Linux geeks and modders.
Knowing that people are going to be looking at the schematics and playing with the hardware, it would frankly be stupid to try and slip something onto the PCB of either the PinePhone or Librem 5. There are much easier targets in world.