Might as well go for Win11, you're going to have to deal with it next year anyways.
Windows doesn't do minimal, it does whatever the hell it wants. There are some OOBE tricks to get a local account working.
I have used the privacy.sexy app to strip down some of the most obnoxious Win11 bits - be warned that you have to disable defender to have it work. Is it doing bad things? Is MS doing incredibly shady shit with their detections? Who's to say? When I turn on Defender afterwards, everything seems "fine".
There's no need to get rid of grub, or play games with different boot drives. Get to know how EFI works. Look at efibootmgr's output - that's pretty much all that the firmware knows. The firmware has multiple entries consisting of a drive (magic device number), a program path (EFI\grub\grub_x64.efi), and maybe a string to pass along. There is a priority list (0003,0001,0002) which MS occasionally likes to re-arrange.