New “point update”, minor version, arrives about twice a year. It adds new features (in addition to fixes). The spurious, “unscheduled” updates between point updates are basically all fixes (for vulnerabilities and bugs).
The Rocky 8 has already reached its last point update; anything that it will get between now and 2029 will be a vulnerability or critical bug fix. These should be “easy” for maintenance; just do dnf up and reboot (if necessary).
A “stability principle” of Enterprise Linux is that even the addition of features (by point updates) should not affect existing setups negatively. (There can be exceptions, but they are rare.)
You can always have test systems, where you apply updates first, before the production systems.
That way surprises do not get into production.
A question is, how long does it take to reboot a system, and how much does that downtime affect your services?
If your service cannot tolerate even a short break, then you do need some high availability (HA) setup, where service is provided by more than one system and thus taking one of them down will not interrupt the service. Then you can update and reboot all of them, one at a time.
As for EOL (of Rocky 8), one is expected to setup a new server, probably Rocky 10 or 11, well ahead of 8’s EOL so the service can migrate, uninterrupted, by the time the 8 must go. If you do already have HA, then replacing legs of it ought to be relatively trivial.