Nevermind, I figured it out with the .NET 6 template. Hopefully this helps anyone having the same issue.

In Startup.cs, I added this before I did the .AddUmbraco() call

services.AddAuthentication(GoogleDefaults.AuthenticationScheme)
            .AddCookie()
            .AddGoogle(options =>
        {
            options.ClientId = "<CLIENT_ID_HERE>";
            options.ClientSecret = "<CLIENT_SECRET_HERE>";
            options.SaveTokens = true;
        });

After the .AddUmbraco() call in Startup.cs to set new default RenderController

services.Configure<UmbracoRenderingDefaultsOptions>(x =>
        {
            x.DefaultControllerType = typeof(SecuredBaseRenderController);
        });

Then I created a new RenderController subclass and used the Authorize attribute with the google authentication scheme

public class SecuredBaseRenderController : RenderController
{
    private readonly IConfiguration _configuration;

    public SecuredBaseRenderController(ILogger<RenderController> logger,
        ICompositeViewEngine compositeViewEngine,
        IUmbracoContextAccessor umbracoContextAccessor, 
        IConfiguration configuration) : base(logger, compositeViewEngine, umbracoContextAccessor)
    {
        _configuration = configuration;
    }

    [Authorize(AuthenticationSchemes = GoogleDefaults.AuthenticationScheme)]
    public IActionResult Index(CancellationToken token)
    {
        // var googleEmail = User.FindFirstValue(ClaimTypes.Email);

        // Do custom work here and reroute with Redirect or RedirectToAction if needed

        // Umbraco auto-routed return
        return CurrentTemplate(CurrentPage);
    }

    // Disable umbraco default auto-routing
    [NonAction]
    public sealed override IActionResult Index() => throw new NotImplementedException();
}

Using statements for SecuredBaseRenderController

using Microsoft.AspNetCore.Authentication.Google;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.ViewEngines;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.Logging;
using System;
using System.Threading;
using Umbraco.Cms.Core.Web;
using Umbraco.Cms.Web.Common.Controllers;

Lastly, I created a SurfaceController to handle Google auth

public class AuthorizeController : SurfaceController
{
    public AuthorizeController(IUmbracoContextAccessor umbracoContextAccessor, IUmbracoDatabaseFactory databaseFactory,
        ServiceContext services, AppCaches appCaches,
        IProfilingLogger profilingLogger, IPublishedUrlProvider publishedUrlProvider)
        : base(umbracoContextAccessor, databaseFactory, services, appCaches, profilingLogger, publishedUrlProvider)
    {
    }

    [AllowAnonymous, Route("/Account/Login")]
    //public async Task<IActionResult> Login(string returnUrl)
    public IActionResult Login(string returnUrl)
    {
        //var authToken = await HttpContext.GetTokenAsync(GoogleDefaults.AuthenticationScheme, "access_token");
        return new ChallengeResult("Google");
    }

    [AllowAnonymous, Route("/signin-google")]
    public IActionResult Authenticated()
    {
        return Redirect("/");
    }

    [Route("/Account/Logout")]
    public async Task<IActionResult> Logout()
    {
        await HttpContext.SignOutAsync();

        // Redirect to root so that when logging back in, it takes to home page
        return Redirect("/");
    }
}

Using statements for AuthorizeController

using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using System.Threading.Tasks;
using Umbraco.Cms.Core.Cache;
using Umbraco.Cms.Core.Logging;
using Umbraco.Cms.Core.Routing;
using Umbraco.Cms.Core.Services;
using Umbraco.Cms.Core.Web;
using Umbraco.Cms.Infrastructure.Persistence;
using Umbraco.Cms.Web.Website.Controllers;

Make sure to add your /signin-google authorized redirect URI in the google cloud console as well. I.e.

https://localhost:<localhost_port>/signin-google
https://someuri.com/signin-google

...etc