So you are using a Google app (Google Camera) in an objectively much weaker sandbox than the one provided by GrapheneOS. You're giving it shared storage access since it requires it and CalyxOS doesn't have features like https://grapheneos.org/features#storage-scopes. The whole point of sandboxed Google Play on GrapheneOS is that it runs in the full standard app sandbox. It has absolutely no special access or privileges. It's not different than running another app. Same sandbox, same permission model, and all the same GrapheneOS improvements to those including user-facing ones like Storage Scopes, Sensors permission toggle and the Network permission toggle which blocks more forms of access than a firewall-based approach.
So you are using a Google app (Google Camera) in an objectively much weaker sandbox than the one provided by GrapheneOS. You're giving it shared storage access since it requires it and CalyxOS doesn't have features like https://grapheneos.org/features#storage-scopes. The whole point of sandboxed Google Play on GrapheneOS is that it runs in the full standard app sandbox. It has absolutely no special access or privileges. It's not different than running another app. Same sandbox, same permission model, and all the same GrapheneOS improvements to those including user-facing ones like Storage Scopes, Sensors permission toggle and the Network permission toggle which blocks more forms of access than a firewall-based approach.