@andybjackson building the patch should be fairly straightforward.
Assuming your build environment is set up as per Wiki, you can build the release equivalent as described here:
If you copy the patch content from above
and place it in [buildroot]/openwrt/package/kernel/mac80211/patches/subsys
and run make world you should get the sysupgrade.bin under [buildroot]/bin/targets/[path to your device]
You can confirm the patch is part of your build strings [buildroot]/[yourtarget]/[yourlinux]/backports-5.15.58-1/net/mac80211/mac80211.ko | grep mwv .
In the meantime I am still looking to improve the solution by adding the STA to the driver as per the note above. I have been able to get insight into the hostapd code. Hoping to have an implementation within a few weeks.
The reason this code was 'corrected' seems to be - according to a comment - about hardware decryption not being active when the key is added without being associated on some systems.