[REG 5.15 -> 6.3] Widevine fails on specific sites

Problem description

Certain DRM-protected websites do not work anymore with qtwebengine6. These websites did work with qtwebengine5.

The weirdest thing is how "erratic" this issue is. For instance, netflix — definitively heavily DRM-protected — works fine, but the spotify webplayer doesn't. Specifically, it warns that "secure playback in your browser [is not enabled]", and suggests to change chrome://settings/content/protectedContent.

In the javascript console, spotify outputs:

13:23:08 DEBUG    js         shared:javascript_log_message:158 [https://open.scdn.co/cdn/build/web-player/web-player.56332b1d.js:1] Uncaught (in promise) EMEError: No supported keysystem was found.

Websites that don't work with widevine

1. spotify (see above)
2. This online drm test provided by bitmovin
3. shake-player support test
4. shaka-player
5. vdocipher

Websites that work widevine

1. Netflix
2. The buydrm.com drm demo (I've seen it fail, however)
3. https://www.npostart.nl/ (region-locked?). This is the Dutch Public Broadcasting online streaming platform. It definitely needs widevine to work correctly. (and it does, for some reason)

System information

I'm using Arch Linux (a rolling-release distro), kernel 5.18.3, and qtwebengine 6.3.0.

I'm using widevine 4.10, extracted from chromium 102 (see this AUR package if you're curious). The .so file is stored at /usr/lib/chromium/libwidevinecdm.so. Again, this widevine library used to work absolutely fine. 

Explicitly specifying QTWEBENGINE_CHROMIUM_FLAGS=--widevine-path=... makes no difference.