I believe that currently RH send a patch to the upstream project, then apply/backport it to CentOS Stream, then if they consider it appropriate apply/backport that to RHEL, and it's the first step there being their first step that's the 'upstream first' part.

The additional hassle Rocky are having is that since Stream is ahead of RHEL divining whether the third step was taken and if so with what, if any, backporting tweaks required, is rather trickier so to recreate the end result of all such third steps to get an identical (bar debranding) set of SRPMs to the ones used by RHEL your best approach has become to source the various bits of information you need to do that from multiple places.

Also I -suspect- the 'pristine upstream packages' thing is referring to the fact that most package formats, rpm definitely included, prefer to have an untouched copy of the upstream sources plus a stack of patches in their source packages and combine them during package build for both clarity and debuggability reasons.

That's not "upstream first".

They are going upstream because of a zero day patch that RedHat have, and is also upstreamed. Hence why they are going upstream, to get the upstreamed patch that CentOS has not merged yet. So your entire argument appears to be that RedHat are doing upstream first.