This is sweet!
I had a similar idea a while back that I never fully fleshed out, but using WiFi mesh networking instead of lora. I figured lora was more specific, but I didn't know as much about it's long range capability. The idea was to build handsets using esp32 modules with external antennas, and build out a huge city wide mesh network working on wifi bands based on small, local repeaters (also ESP based). Esp32 since you can encrypt the onboard flash, they're pretty powerful and decently cheap.
Since your threat model here includes the most enthusiastic spy agency of any nation-state, I would be EXTREMELY careful about the firmware flashed onto the phones. Frankly, I don't trust android or IOS for something like this - maybe using a linux ROM on android would be good enough, but I'd say the preferable and way more labor intensive option would be to build your application specifically for your hardware, and only using open source packages. I'd also encourage the ability to perform on-air key revocation, so if a radio is confirmed to have been compromised it can be removed from the talkgroup immediately.
Maybe using a pi would be a good idea, since the radio can communicate over both serial and usb? Or if you can manage to shave the code down enough, you could try to run it directly off of another microcontroller.
I'd love to talk more about this if you're able to, let me know.
We're going to miss you, comrade. Hope to see you around.
Fucking sucks that so many good people are leaving, I wish you all the best in whatever comes next for you.