Relay of the card is almost impossible, it has no active power source. You'd need a bloody big antenna to activate it at any distance.
Relay of bluetooh requires specialised hardware and hasn't been done in the wild as far as I'm aware.. there are a number of mitigations possible if it becomes a thing in the future (verify GPS location, disable BT radios when the phone is not moving, latency measurements, that kind of thing)..
The car won't open the door unless the bluetooth device is less than a couple of feet away. Not sure how it determines that but I can leave my phone in the living room right next to the car & well within bluetooth range, and it won't open.
I'm not sure that those are accurate statements at all. In fact, it is demonstrably not true. As I understand it, un more private circles the Model 3 was proven vulnerable in 2018 to SARA (Signal Amplification Relay Attack). In the past week this has been reaffirmed by Twitter user Kevin2600.
"Although Tesla thinks they are protected from the Relay attack with PIN2Drive. But we are still able to open the door. So risk still there. Anyway, we just purely enjoy the research. I hope you guys like this one

"
Kevin2600 on Twitter
"So this is a free to share call proved by Tesla. We have managed to find a design flaw in order to relay the Tesla NFC key tag. But Tesla dont think it's a problem. Time to submit then "
Kevin2600 on Twitter
As far as the specialized hardware for Relay of bluetooth, I'm pretty sure you could use something like GATTacker.
securing/gattacker
BTLEJack
virtualabs/btlejack
Although more clunky BTLEJuice could probably pull it off as well.
DigitalSecurity/btlejuice
Latency is going to be the main killer of attempts at proof of concept on BLE.
There is a private slack group for folks playing around with things of this nature if anyone is interested send me a PM, and I can get you an invite. Kevin2600 is one of the members of the group now. We are collectively trying to get folks in the scene that are working in parallel, to work together, and shortcut each others man hours for research.
Pwn2own is a potential driver for some of the folks, others are just having fun with research.
Tesla returns to Pwn2Own hacking competition with Model 3 as target and prize