WPA3 is mostly a software question, but one of its mandatory features (IEEE 802.11w, which predates WPA3 but is now required for the first time) is not quite software only.
Driver, firmware and hardware need to work hand in hand to properly support it. In case of problems with WPA3 on your hardware, this is mostly the real reason. nl80211 based drivers can fall back to an IEEE 802.11w software implementation to quite some extent, but that usually implies having to disable hardware crypto acceleration of the wifi chipset altogether, which comes at a hefty performance penalty (especially on mips routers, where performance is marginal to begin with).
Around of october last year, these transparent fallbacks to software crypto (and a functional IEEE 802.11w implementation) have been implemented in the mainline kernel for a number of drivers (ath9k for the first draft-n chipsets (<=AR9160), b43, rt2x00 and others), earlier kernels and OpenWrt <=19.07.x don't support it on many wifi chipsets.
So yes, your rt2800_usb chipset needs to use the nl80211 based software encryption as well, with the performance penalty that incurrs.