my TL;DR analysis:
* in 10.1 and up, ssh.c calls pkcs11_init(!options.batch_mode) which is
intended to set interactive mode, but that ends up in the NOP implementation
in ssh-pkcs11-client.c. That same file also contains a "proxy stub"
implementation of pkcs11_add_provider(), which causes the new pkcs11 helper
process to be forked off, which itself then calls the "real"
pkcs11_add_provider(), but always does pkcs11_init(0) first. So we have
"interactive = 1" in the parent, but "interactive = 0" in the helper.
* in 10.0, ssh-pkcs11-helper was not yet used, and the ssh client called
pkcs11_init() and pkcs11_add_provider() from ssh-pkcs11.c directly, which
caused the "interactive" flag to be set to the correct value.
I've now made a patch that plumbs through the "interactive" flag from the
parent ssh process to the pkcs11 helper. It's not a stylistic marvel, but
neither is the duplication of function names in the upstream source. ;)
I hope nobody ever links the wrong object files together...
Patch attached, feel free to forward upstream.