MicroOS (and its flavors) update the same way Android does; as a full image

They don’t. They update with regular packages. The updates are atomic though and are only applied at next boot, so there’s less of a risk of weird breakages.

There’s a convention for websites to use robot.txt files that prescribe whether bots should be allowed to access the site. But it’s just that, a convention which malicious actors don’t need to feel beholden to. Depending on the legal framework, you could also just threaten to sue anyone using one’s data for AI without permission, but that’s probably not feasible for the average lemmy server operator.