I did not expect you analyse it so deeply 
Well, I just used strings and diffoscope.
I wanted to know if you changed something on the OMCI side, or only the /proc/realtek/uni_capability (it looks like you only changed the kernel config or code for this, the strings suggest the value could also be set in the device-tree).
EnchancedSecurityControl - that ME is used by Huawei to authenticate ONT if you replace PON_VENDOR_ID to HWTC and OLT is HWTC.
Well... in case of GPON - they didn not care... in case of XGSPON - huawei does not like it anymore so extra authentication is added.
And it is different than default setting. Maybe they use different encryption key than the one in code, but maybe also response calculations are modified... no one hacked yet....
Do you mean HWTC OLTs will authenticate HWTC ONUs, but still allow other vendors ?
In France, both Orange and Bouygues have SMBS as vendor id, as the Livebox 7 and BBox Ultym are made by SagemCom.
There is no authentication issue, with the most tested ONUs being WAS-110 (MaxLinear), XGS-ONU-25-20NI (Cortina).
The LXE-010X-A has only been tested on ALCL OLTs on Orange (AFAIK).
But HOSECOM X67S / AIWOKS AW-XGP12V (also RTL9615C) works on an HWTC OLT on Bouygues.
In general, if I do "make clean", more things get rebuild 
The Busybox binary will change on each build, unless setting KCONFIG_NOTIMESTAMP, or SOURCE_DATE_EPOCH (only added in 1.34.0).
But having reproducible builds is probably useless for you, it would only help when comparing firmwares like I did.