How to approach Ubuntu package circular broken dependency chain (here: 'security [amd]' vs 'security [all]')

I tried to install a pretty common pacakge - 'gnome-tweaks' - on top of a fresh ubuntu-20.04 install (downloaded and installed yesterday). This is hitting an unresolvable chain of impossible dependencies, and I'm trying to understand what's the correct way to diagnose/resolve it. It seems like such a common/famous pacakge that it's almost impossible it's a bug - instead something must be wrong with my (less than 24 hours old) install.

1. gnome-tweaks only exists as 3.34.0-2ubuntu
2. ...which requies gnome-shell-extension-prefs
3. ......which ONLY exists as version 3.36-4-1ubuntu1~20.04.2
4. ........which REQUIRES gnome-shell = 3.36.4-1ubuntu1~20.04.2
5. But the freshly installed OS has gnome-shell = 3.36.9-0ubuntu0.20.04.2

How I thought you should approach these problems

1. Check everything's at current up-to-date versions (as per @changanAuto's comment): this may not be necessary, but most people most of the time want this anyway and (in the case of a fresh install of OS) it's probably what you want
2. Check apt sources: if we only have standard sources, the above should be impossible: there should be no setup where your sources have a core package that's installed in a version newer than the latest possible
3. If sources are all boring and standard, then check the Origin of each package in the chain: if one of those origins is weird or broken, it may be missing some of the packages that are supposed to be in it, causing the system to try and satisfy dependencies from a different Origin (which has only older, or only newer, versions)
4. If that still doesn't work, check if the package itself has been killed by the author/maintainer, and hence disappeared from the latest sources
5. ...if all the above doesn't work: you are accessing a corrupt/broken source, and you've found a bug that needs reporting.

If I'm correct in the above, it seems:

• all my sources are plain and boring, I'm only using 'focal' (ubuntu-20.04) and I can't see anythign strange in there. I've added none manually.
• gnome-shell-common comes from: focal-security[all]
• gnome-shell-extension-prefs comes from: focal-security[amd64]
• gnome-shell-common is a newer version (incompatible with) gnome-shell-extension-prefs

...does this mean that 'focal-security[all]' (currently) has a bug in that it's blocking amd64 machines from being useable?

...should we NOT be installing security updates by default?

After rooting around in the desktop, I discovered that 'Software & Updates' > 'Updates' > 'For other packages, subscribe to' was set to:

"Security updates only"

...given that my problems seemed to be a conflict in the 'security' repositories, I tried switching that to 'All updates' and suddenly everythings' good. I'm assuming that 'security updates only' was the default (but it's entirely possible I changed it just after installing the OS, and forgot I did so)

So, if I understand correctly, what happened was:

1. I thought my apt sources were all correct, by eyeballing the apt/sources.list and double-checking everything there was as I exepcted
2. ...but I misread the contents, and didn't realise that I was somehow blocked from accessing regular updates from some sources
3. ...and one of the security updates required me to also have non-security updates, in order to satisfy the chain.