The SE 17 tests use elytron based security as legacy security will not work on SE 17. As part of general SE 17 test coverage I'm running a job that has the security manager enabled. That job shows failures that aren't seen without the security manager.
I expect this is because various deployments need permissions added when running with Elytron security. I know there was a commit or commits in upstream during the WF 25 dev cycle to add those kinds of perms. Hopefully those just need to be ported.
Anyone looking into this should contact Brian Stansberry before starting for more context; otherwise you'll surely waste time.