No, CentOS/Alma/Rocky only supports one minor release at a time (that's up to four major releases for a 10 year lifetime). You can stick to a major release but you have to update every 6 months or you'll skip the security updates too.

Red Hat supports 15-ish release streams at this time between RHEL7, RHEL8 and RHEL9. A lot of customers need that because validating a base system update takes months and they cannot afford not having security updates in the meanwhile.

The subtlety of different support levels for minor releases is something I hadn't come across before, thanks. I'm surprised RH haven't made more of that recently.

In fact the recent change basically consisted of going from 1 to 0 shipped stable branches (CentOS Stream is the mainline of RHEL). But most of those stable branches have never been public in the first place.

In my opinion 99% of end users would be served well by CentOS Stream, but the strong marketing of bug-for-bug compatible distros on part of Rocky (and to be honest it's a fig leaf to pretend CIQ is not behind that) hampered the adoption of CentOS Stream and the users' perception of its stability.

Those benefits that CentOS, Rocky offer, as you said, are without cost because the cost is shouldered by Red Hat. If you're a 1:1 rebuild, you can't introduce your own fixes, so CentOS, Rocky rely on Red Hat to write and produce a fix that will then be rebuilt "free of charge" as you mention.

How is that lock-in from Red Hat's part?