a) I would assume that many governments are a threat to you.
Probably the only governments that aren’t a threat to you are those that don’t have the resources / infrastructure / expertise to be a threat.
Each customer needs to look at a personal threat model though.
b) I wouldn’t assume that components are coming from the US. Some may be. Some may not be.
So one mitigation is: There is a published schematic.
Hence you can start by analyzing what components are being used and then maybe guess as to where the components are coming from - and you can verify an actual phone against the schematic. That is already 100% better than a blackbox phone.
Perhaps item (b) is not relevant if your threat model is that only the US government is a threat to you but then under that questionable assumption, you probably ought not be buying a phone from the US at all.
Hopefully updated X-ray images for Dogwood (and Evergreen, when delivered) will also be published.
In a sense this item is looking more at tampering with the assembled product rather than an individual component. A motivated, sophisticated attacker could presumably substitute a visually indistinguishable, functionally identical apart from bonus backdoor, component.
This might not be legal but “terrorism”.