For a long time, I had simply thought there were just regressions in Lynis. But digging further down revealed some test modules have hard coded paths for specific CPU architectures (ARM and x86, the usual). In retrospect, those modules did start failing right around the time I switched to powerpc...
Adding:
${ROOTDIR}lib/powerpc64le-linux-gnu/security
to Lynis' include/tests_authentication restores working detection for the presence of password strength checkers. I've gone ahead and opened a request at their git.
