In the absence of a gamersnexus video or phoronix article, I'm going to take this with a large grain of salt. Especially when a video like this one is showing much higher performance in windows. The different cpu shouldn't account for much of a difference when playing at higher resolutions and the benchmarks show the game being gpu limited.
I think the reason that's unlikely is that they'll have to finish in the bottom 2 to maintain control of the top 6 protected draft pick that was sent to the spurs. They'd have to tank from very early in the season and the team is too good to be that bad. The contract situations of OG, Trent and Pascal will keep them motivated to win. Playing team first ball is another question after seeing the bag Fred got.
There are too many variables that go into battery usage to get any meaningful insight. Different apps, cpus, screen brightness/refresh rates, active radios, etc... It's an endless list. Best you can do is compare with someone you know with the same model who has similar usage patterns. Good luck.
Since you've had it running already with a 960, I don't think you'll have any issues. And if you're running the igpu for the host processes/transcodes with the dedicated gpu for gaming, that eliminates any possible issues from having to use a single gpu for everything. Also, I wonder if using the dedicated card for the vm avoids the issues that could pop up from running nvidia in linux.
One thing I forgot to mention, you're going to need a new psu especially to power the higher class card. 500W might be enough for the lower tier and a much more power efficient processor but you'll be trading some flexibility which isn't worth it imho.
I would go with an intel cpu for the integrated gpu that can easily handle all the transcodes. 12th gen or greater i7 should be more than enough. GPU passthrough for gaming will be trickier. I'm guessing modern games at 1080p which will probably require something with >12gb for some light future-proofing. 6800/4070 class card would be my bet.
tldr: libwebp has been patched and will eventually make its way to everyone. This is not an easy exploit and unless you're at the level of a nation state target, don't worry about it.
It might be easier to get suggestions if you go into more detail about the functionality you're looking for, whether it replicates paid features of other clients or something else altogether.
6800xt is still the better card to get for value and performance. It's sad that both nvidia and amd just renamed lower tier cards into higher tiers this generation to make up for lost crypto revenue.
If you're going to store something on someone else's computer (Google cloud), they have every right to control what is and is not allowed on their systems. Don't like it? Use encryption, selfhost, etc...
https://www.phoronix.com/review/radeon2022-windows-linux