Anything other than whitelist-type parental controls will likely be insufficient to block absolutely everything you don’t want them to have access to (or want to have access to them, for that matter).
Honestly, the best way to do so would be no internet access without supervision, which is usually not really a viable option in any reasonable real-world scenario.
The second best way I can think of, albeit a slightly technical solution, is to setup a VPN server at home using a raspberry pi or a similar hosting solution and have the phone connect through that. That way you can control internet access in any way you’d like and even block nasty tracking attempts from apps if you so wish. Most android phones have the option to prevent internet access entirely if not connected to the VPN (this will prevent internet access from any WiFi and mobile data networks). In which case they can still just call or text in emergency situations. The only thing left to do is locking down the phone’s settings, and the rest can be dynamically managed from your network.
All of this does require some basic networking knowledge, but it’s actually surprisingly easy to setup.
Not sure how I should feel about that. It’s highly likely any party engaged in tracking activities will try to grab as much data as they can. So a non-Google device seems like it would be doing twice the amount of data collection.
But considering Google also controls the hardware design of the Pixel, it wouldn’t surprise me if they have some additional tricks up their sleeve.
What we really need is a full open-source phone, including firmware. Maybe we’ll get there one day.