I believe the google framework is installed with less privilege than a system application
NullGator
I was under the impression you could use microG instead of google services as well if you installed it manually?
Dell optiplex desktop or workstation would def be a gpod idea. Both are much quieter than servers - you can get the workstation if you want a xeon chip and ecc memory - otherwise the desktop will likely do what you need.
Look into PICO PSU. Its a small powersupply that uses a power brick to downsize internals. It's used by homelabbers sometimes.
If Tidal isn't your cup of tea, check out Qobuz - I've had a better experience with it. It doesn't pay artists as well as spotify, but I think it's still more than Spotify (iirc)
Gotcha, in that case I'd say either go for whichever is cheaper, or go for the cardo with the JBL speaker upgrade.
I'd say go for the cardo, if you have any buds who you'd ride with, go for a mesh one if you have the budget. Freecom is a good pick if you don't think you'll connect w other riders much 👍
Try out void, it's pretty fire
Handbrake is a frontend to ffmpeg, so that's also an option
Perhaps you could configure more than unbound service behind a loadbalancer. Each unbound instance is configured to use different upstream dns servers.
Double check if unbound doesn't allow you to randomly hop between dns upstreams first, but the above solution should work if that's unavailable atm.
Doesn't check all your boxes, but it's a strong option - monimoto