Exactly. A much better idea would be to have "security researcher" phones that Apple could sell to such, which would be rooted and tracked.

How could you verify that these phones run the same setup as regular phones?

The only way to make companies fix bugs which may be difficult to find, expensive to fix, and potentially embarrassing is to make it easy to locate exploits on real hardware. Otherwise the only people with the resources to do this are government-backed entities like NSO Group, Vupen, etc, who somehow always ensure that exploits get into the hands of repressive governments.

It would literally be the same phone with the same software, but rooted.