EDIT: It was pointed out below by u/lukmly013 that SDR++ supports RTL-SDR directly. I have removed the rtl_sdr driver app and it works.
So, it is as simple as downloading the SDR++ app and enabling the USB-C port. No need to mess around with the driver app and its security settings.
This is a PSA as I could not find online whether a GrapheneOS would be able to run an SDR dongle or not.
I was skeptical about this working because GrapheneOS has several hardened security features and does not allow root access. Since the RTL-SDR dongle is a USB device that requires coordination between a "driver" app and second SDR app I wasn't sure if such a configuration would work.
Conclusion: It does work!
I am using a USB-C to USB 3.0 OTG adapter and the rtl-sdr blog v4 dongle with a generic antenna. My phone is a Pixel 7.
The SDR app I have used is SDR++: https://github.com/AlexandreRouma/SDRPlusPlus/
The driver required is "Rtl-sdr driver", available via F-droid: https://f-droid.org/packages/marto.rtl_tcp_andro/
Both of these can be downloaded via Obtainium.
As for the phone settings:
Under "Security" settings, make sure the USB-C port is not set to "Off" or "Charging-Only".
In that same menu, if you see the sub-menu "USB peripherals", make sure that new USB peripherals are allowed. In my case I am almost sure that I had this sub-menu before, but I don't see it anymore.
In the app info menu of the Rtl-sdr driver app (long-click on app icon), toggle to ON the "Exploit protection compatibilit mode"
You should now be able to open the SDR++, click play, and find some bands.
This was enough to get the RTL-SDR to work in my phone.
Hopefully someone else finds this useful.