Official LineageOS 17.1 for Fairphone 3/Fairphone 3+

It worked!

I relocked the bootloader (fastboot flashing lock), it automatically wiped my user data, and booted successfully! Also, after restoring my data, I was able to upgrade from last week’s release to the new release of today - all without problems.

Now, this does raise a lot of security questions though. I did not realize that LineageOS, /e/ and even Fairphone were all signing their builds with Google test keys - essentially rendering the OS build integrity checks meaningless… I guess in fact that means that it doesn’t really matter which keys are being used, as they are simply not checked? Any key would be accepted?

That being said, I am happy that my bootloader is now locked.

Next steps:
(1) See if I can sign the builds with my own keys, and have those keys checked (using avb_custom_key, as GrapheneOS does). With secure-boot disabled, that still has its problems, but at first sight seems another small improvement.
(2) I would also like to get rid of these userdebug builds, and instead build a ‘user’ build - again improving security. See also [1].
(3) Ideally, I would be able to burn the PK HASH with my own keys, which might allow me to enable secure-boot - but that will require a lot more reading :)

If anyone has any pointers to help work toward that, let me know!

[1] https://madaidans-insecurities.github.io/android.html#custom-roms
