8.) Openness is formally removed.
Android is *not* removing openness.
Yet. Give it time. Android isn't at that step yet, but I have seen absolutely no indications that Android will not end up at step 8 in due course. At the very least, Google isn't defending openness very well, either. Google has done little (if anything) to discourage locking bootloader. Google not only failed to discourage Samsung's Knox e-Fuse, they integrated that feature, along with several others, into recent releases of Android. These are not steps to preserve the modding community.
I'm a member of the Android security team, and worked around the edges of this feature. We (I'll use that pronoun for simplicity, but please note that I'm not claiming credit) put a great deal of additional effort into making sure that it supported modders who unlock their bootloaders and install custom software. We even made sure that they can use the verified boot feature to ensure that their self-signed images are not modified without their knowledge.
I appreciate the consideration put into this. Sincerely, honestly, and genuinely - it is nice to hear that these cases are still a part of the development process. At the same time, Microsoft required that Windows 8 motherboards both had secure boot, as well as a user-facing option to disable it in the BIOS. Windows 10 certification kept the former, but not the latter. Do I blame Google for the tresspasses of Microsoft? Of course not...but given that the outcry over this was basically limited to a few strongly worded Slashdot comments, I do not see Google as a company so principled as to actively avoid step 8 when there was clearly no blowback.
The goal is not to prevent modding, the goal is to improve security by ensuring that malicious images can't be installed.
The goal isn't to prevent modding *now*. Android At Work's core features were a solved problem by Nitrodesk with Touchdown, which could be configured to require its own passcode and disable screenshots and respect Exchange wipes and determine if the device was rooted...and these were solved in the Froyo days. Google chose to deal with this in firmware. The switch has not been flipped, but the infrastructure went from "not being there" to "being there", changing the trust requirement from being "they can't" to "they won't"...and I'm very hard pressed to find a "they wouldn't" that didn't eventually become a "they did".
I understand where you're coming from, and I do appreciate your response. I hope you can understand my hesitance and concern.