EAPoL certificates used to specify a certificate file which could include multiple entries (in the file itself, not in the config).
With the move to PKI, this is no longer possible.
Similar issue was noted with OpenVPN and fixed in T4485 see also this forum post: https://forum.vyos.io/t/using-multi-certificate-certificate-file-with-pki-and-openvpn/9043
It might be worth thinking whether there are any other areas this may affect. Given there are at least these two, there could be more.