If it should be corporation stuff with central accounts and all I think GNOME is really good. Fedora GNOME could for sure be an option and I would recommend Silverblue from ublue.it in that case, as it has all the drivers and codecs
You can use what you want. I just say X11 is not developed anymore really, since years. It is decades old and insecure by design. Wayland just works, if not supported XWayland is chosen automatically.
If you use MacOS or Windows today, you will see that Linux has no permission system at all. This is simply insecure.
the repos are either close to upstream, or they backport security fixes. Everything else is not secure
make working, secure, sometimes branded bundles including Desktop, some apps, some specific software
the bundles get updated and if it is a point release, upgraded to a new set of packages. That is called a "Distro version"
This ensures new features and security fixes
the Distros care about bug reports, work with upstream, getting new contributors, packaging (bundling the packages, presets, libraries into a set with a name, handling dependencies etc.)
Distros also often package and build their own Kernel or multiple ones. These kernels are general purpose most often, even though there is the kernel-hardened or Oracles “unbreakable kernel” (whatever that is). Also there is a lts Kernel that has backported security fixes, as well as other releases of the kernel like git (latest of everything)
Distros take care of the versioning, so not every package is always the latest but tested to work with other packages.
Distros also implement security systems like SELinux and Apparmor with matching configurations
So you see that is highly complex. So stay as close to upstream as possible to get the best experience. I think of the main distros as
Debian + Ubuntu
Fedora + the RHEL stuff or clones (Oracle, Alma, Rocky etc)
Opensuse, SEL
Arch
Gentoo
Alpine (busybox and musl, not real Gnu+Linux)
NixOS
GUIX
ClearLinux
Coreboot (yes that is a Linux distro)
Slackware and other probably outdated projects
small ones with different focus
All the others are either downstream modifications of these, or less known. Some Line ublue, EndeavorOS etc. also just take an upstream distro and change very little.
Debian is very manual in like everything. But Linux Mint uses Cinnamon which uses X11 for a loong time and that is pretty bad for anything modern with Graphics Cards
No default browser works normally but no idea how to set that in Hyprland.
I highly advise against Appimages. Flatpak is only useful if you dont trust the app which is a valid opinion, but poorly then the browser cant sandbox websites on its own. So native packages are the best option for security it you trust the browser.
Perfect would be to have the browser isolated and also using its sandbox to isolate websites from each other. I dont know if this works though, on Android it does (not with Firefox poorly as they didnt implement it)
Proprietary UEFI BIOS is, but for a secure system with local manipulation prevention it can be needed. Also secureboot is a security measurement against malware so no, its simply the best we have.
Look at Coreboot if you want a secure modern system