I fully agree that having more than just one year to migrate it's a bit short. Especially within the lifecycle of the devices that counts in decades.
Changing the ingress endpoint shouldn't be a big deal via OTA or configuration change. The lack of such configuration in the first place would be concerning for any new devices.
Further communication to Pub/Sub wouldn't change in any way.
IoT Core as a service has some design choices that make it attractive such as JWT token auth, and complex to optimize, such as communication pattern details.
If any of you would be interested in migrating to a fully compatible solution, give me a shout at rwarz[at]softserveinc.com since we are building one ;)
Use JWT over HTTPS to RealtimeDB. Has the same presence detection as MQTT. A lot cheaper too. I actually like it better than using MQTT. All of our devices attach to multiple RealtimeDB and then we sweep the data into Firestore for human interaction. Front end for RealtimeDB is open source so you can port it.
Changing the ingress endpoint shouldn't be a big deal via OTA or configuration change. The lack of such configuration in the first place would be concerning for any new devices.
Ransomware attack it's a real threat.