Another data point:
GOS has once again updated to latest version (TP1A.221005.002.2022110600) but this time MitID didn't break, and kept working. The combination that seems to be stable is "OEM unlock" disabled and "exploit protection compatibility mode" enabled.
This is on MitID 2.3.4, I delibetary did not update the app because I wanted to check if this problematic version would trip agan on a new GOS update.