Not IME, but I'd really like to understand the architecture/flow, if you've got anything.
Say if I take my same phone, and throw a VZW SIM it, tomorrow, and maybe possibly reset it (I doubt this 2nd part is necessary, but I'd have to figure out where the carrier settings are in the tree, or if these are even all public).
Boom - Zip, you have the update, and it came from whom exactly, VZW?
I could also probably sanitize the carrier info (no SIM, just direct to Google distro servers), without the 2nd SIM, and produce the same result, but it'd take a bit of digging, again.
Yes, the carrier has testing going on in-concert with releases, and yes there's some flag they can set, but I still bet they have to negotiate this out. TMo can't just block your updates to the phone they have no stake in, indefinitely, right?
If you have a pointer to some spec/code that explain the depth part here, particularly how a carrier would do this, outside of working w/Google, I'd be very interested to see, truly.
Maybe I'll go dev-docs spelunking a bit tomorrow, depending on time, who knows, maybe I'm way off in the weeds here and using dated release methodology experience.