why you use a separate subvolume @boot ? On my systems folder /boot remains to subvolume @ mounted at / → eg. root. Then every snapshot of your root system contains even /boot and your installed kernel initramfs. Without it the system is not bootable or even consistently. Thus what u wanted with you @boot subvolume?
Negative. There is no way of knowing how many partitions and/or subvolumes have been created in and for a particular GNU/Linux (or other UNIX) system when these partitions or subvolumes are not in use.
How would the update mechanism know whether a particular subvolume is part of the system, whether it’s only a snapshot, or ─ if it’s a different partition ─ whether it may belong to another operating system on the same computer?
It is up to the administrator of the system to ensure that all pertinent filesystems and subvolumes are mounted in read/write mode before commencing the upgrade.
If you want to make sure other user accounts cannot read the contents of /boot, then simply set its permissions to 700, and for extra security/stability, you can also mount it read-only during normal system operation, so long as you remember to remount it as read/write before a system update. You could even write a small script or shell function to automate the process.
In order to move the files that are now in the /boot directory on your root filesystem, mount the @boot subvolume to /mnt, move everything over, unmount the subvolume from /mnt again and mount it on /boot ─ mount has a --move option, so you can do that in one go ─ and then run…