Hacker News

thot_experiment yesterday at 9:38 AM

I'm not holding my breath, but it would be amazing to have root and be able to tap to pay without constantly playing cat and mouse with Google.


Replies

diacritical yesterday at 10:03 AM

Unfortunately, from what I read a couple of times, including a month or so ago, GrapheneOS discourages and doesn't support rooting the phone for security reasons that seem vague to me and don't appeal to my need to actually own my phone and OS. You could still root it with some third-party tools from what I know, but not having root as the default makes it less of a secure FOSS OS and more of a closed-down toy.

As for payment apps and other crap that refuses to run if I, the owner and administrator of my own device, don't have admin access, I would just refuse to run it. What's next - websites refusing to work if I have root on my Linux desktop?

microtonal yesterday at 10:29 AM

As far as I know, root and tap to pay are pretty much mutually exclusive, at least if you meant Google Pay? Unlocked and rooted devices do not pass remote attestation. And it's not just something you can fake when you have root, since it is anchored in hardware (the attestation certificate chain is signed by a hardware-backed key and contains the verified boot state and verified boot key).

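An added example, not part of the thread and not code from any commenter: what a relying party sees of the "verified boot state and verified boot key" that microtonal's comment mentions, decoded from the RootOfTrust structure of an Android key attestation extension. It assumes the certificate chain has already been validated and the RootOfTrust bytes already extracted; the `verdict` policy, the `encode_sample` helper and all byte values are hypothetical and constructed, and say nothing about what Google Pay itself checks.

```python
# Added example: decode the RootOfTrust SEQUENCE from Android key attestation.
# All byte values used with it are constructed samples, not from a real device.
BOOT_STATES = {0: "Verified", 1: "SelfSigned", 2: "Unverified", 3: "Failed"}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for one DER element with a single-byte tag."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def parse_root_of_trust(der):
    tag, body, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected exactly one SEQUENCE")
    fields, pos = [], 0
    while pos < len(body):
        t, v, pos = read_tlv(body, pos)
        fields.append((t, v))
    # verifiedBootKey OCTET STRING, deviceLocked BOOLEAN, verifiedBootState ENUMERATED
    if [t for t, _ in fields[:3]] != [0x04, 0x01, 0x0A]:
        raise ValueError("unexpected RootOfTrust layout")
    state = int.from_bytes(fields[2][1], "big")
    return {
        "verified_boot_key": fields[0][1],
        "device_locked": fields[1][1] != b"\x00",
        "verified_boot_state": BOOT_STATES.get(state, "Unknown"),
    }

def verdict(rot, trusted_keys=frozenset()):
    """Hypothetical relying-party policy: locked device, booted from a trusted key."""
    if not rot["device_locked"]:
        return "reject"
    if rot["verified_boot_state"] == "Verified":
        return "accept"
    # A locked device running a custom OS reports SelfSigned plus that OS's key.
    if rot["verified_boot_state"] == "SelfSigned" and rot["verified_boot_key"] in trusted_keys:
        return "accept"
    return "reject"

def encode_sample(key, locked, state):
    """Build constructed sample DER for the demo (short-form lengths only)."""
    body = bytes([0x04, len(key)]) + key + bytes([0x01, 1, 0xFF if locked else 0])
    body += bytes([0x0A, 1, state])
    return bytes([0x30, len(body)]) + body
```

Because these fields sit inside a certificate signed by a hardware-backed key, code running as root on the device cannot rewrite them without invalidating the chain.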
HugoTea yesterday at 9:58 AM

GrapheneOS doesn't give you root access, citing security issues it introduces. You could re-compile your own copy with root access, though not sure if we'll then be back to some non-certified OS that can't make payments...
