Further to this: Debian libre already exists and is exactly this. Probably the best way to start. That gives you Libre Qubes v0.0.1 nearly for free.

Then, for hardening: since Kicksecure is also just a hardened flavour of Debian, you could reduce your work to integrating the hardened config and kernel build of Kicksecure into Debian Libre.

Finally: it is worth considering whether you want to be attempting to deblob Xen - if that is necessary. It may make the project unviable as a one-man side-project.

It should be pointed out: deblobbing a kernel does not necessarily harden it. Secure and libre are orthogonal concepts. That being said, I like your idea.

I you are considering the random hypervisor as a potential threat (which you should):

• your auth tokens for things like Steam could be stolen, and possibly be used to make purchases with linked cards, or empty your inventory of things like CS skins, gift copies of games, etc.
• if not fully isolated, it could be an attack vector to other machines on your LAN
• peripherals like mic, camera, keyboard could be accessed to spy on you
• and more…

All of EA’s new titles use Javelin anti-cheat. It uses a Windows kernel module, so it’s not possible to run with Wine/Proton.

Given that EA forces users to run what is effectively a rootkit just to play their games, I feel like the only good choice is to stop playing those games altogether. Or, at the very least, compartmentalize your gaming machine and the network it’s on.