I can’t give you a ruleset; it would require a lot of testing to guarantee it does the job.
It’s possible if you prevent sys-net from connecting to anything and only allow it to relay the NAT connection; I think it’s doable. The same should be done in each netvm qube until you reach your VPN qube.
Checking for updates requires ~80 MB of traffic each time on Fedora IIRC; the repository metadata is huge. The updates themselves can be a lot smaller. The update check is just there to tell you there is something to update.
You can disable the update check per qube using this: Route ALL Qubes traffic through VPN - #7 by DVM
Different threat models; it’s not possible to have a configuration that matches everyone’s needs. There is no piece of documentation mentioning that Qubes OS tries to hide that you are using it.
I can understand this can be misleading if someone comes with expectations that do not match the implementation reality.