Please exercise caution when dealing with the /system partition. Because our bootloaders are still locked, any changes to /system will effectively brick our phones due to Android's Verified Boot process.
I was able to get the toggle working through a couple of different methods, but the one that seemed most interesting was the ./oemlock-bridge-client method. The program has 3 different modes, "device_lock", "status", "unlock". I believe that on Google Pixels this in combination with oemlock-bridge is what enables the OEM unlocking flag. oemlock_provisioning appears to be the process responsible for phoning home as everytime I run it the status on the client changed to "provisioned" and resets all of the flags. An unlock may be possible if someone can decipher what exactly needs to be inputted into "oemlock-bridge-client unlock". It takes a version number in hex, a nonce (might be all 0s), and a 256 byte token.
Edit: I got the toggle switch working by changing have_id to 00, and by also running the command with unlock and zeroing everything. I have tried toggling OEM unlocking on and off to see if it would take, but fastboot always says "Flashing is not allowed on this device."