There is also an aftermarket solution, if you are not on gos, three name is duress on droid.

If you still want the comfort to open your phone via biometrics plus disable biometrics in emergencies there is private lock (fdroid). It will engage when the phone is shaken, e.g. a thief grabs it from your hand while you are typing, or you shake so nobody can force you to open it by fingerprint. The device will be locked and biometrics disabled until you unlock it again. There is also a recently updated app on fdroid with the same features, but it was not as reliable for me so I went back to using private lock.

100% Opnsense. I used to run pfsense for a couple of years but there project was bought by a for profit. Enshitification ensued. They still released their code as per open source licence, but it was not up to closer inspection as it could no longer be used to built the distro from source. They banned perfectly fine hardware from using pfsense as it could not provide hardware acceleration for open-vpn (Aes-ni). The fork opnsense is to be preferred.

If you are looking for a future proof, snooping free and secure solution for home routers, there is most likely no way around installing open source firmware like openwrt. I would just pick a device with good openwrt support, some ubiquity models have that, if I remember correctly. But there are many alternatives by different manufacturers. I would just chose one with good hardware specs in your price range, install openwrt and call it a day.