One of the main reasons why Openreach won't let you use a third party ONT is because the installed ONT is usually in a fixed location (typically a wall) where the fixed EZ-bend fibre cable terminates at. You can't just place the ONT on any surface and have the fibre cable all over the place willy nilly like you can with a RJ11 cable. The fibre connector terminating at the ONT is NOT designed to be repeatedly removed and reconnected, ie its a lot more delicate than your typical RJ11 lead. I have the Huawei HG8240 ONT installed by Openreach, though I believe OR also install other models of their ONT.
I have been working with fibre optic cable now for over a decade in my job. The idea that your Kevlar reinforced patch cable is some ultra delicate snowflake is simply nonsense. It just is not the case, period. The sensible thing to do would be terminate the incoming fibre into a box with say an SC or LC coupler (though for some reason ONT's seem to have standardized on SC). If Openreach are not doing this then they need their heads examining, followed by a thorough beating with a clue stick. I would never dream of terminating any structured fibre with a plug so it can be plugged directly into something in a data centre so why you would do it in a customers premises is completely beyond me.
Personally I would just coil the EZ-bend fibre cable up and terminate it in a box with a SC-SC coupler and then if one where to damage the patch lead, I could swap it out for a new one. Heck a 10m simplex single mode SC-SC cable is £1.80 at fibrestore and the single mode SC-SC simplex coupler is 18p and marketed for FTTH. This stuff costs buttons, in fact less than buttons these days.
I also notice that fibrestore for less than £10 will sell you a splitter for your FTTP connection. Admittedly you would need to blow some more on LC-SC adapters, but if you know what your are doing you can easily snoop on all the other downstream traffic on your "branch" if you wanted so hopefully it's all encrypted.
Oh and while FTTP might be rare in the UK the ONT's are using standards that are also used elsewhere in the world, and a quick Google suggests that hacking the serial number of a SFP ONT is already going on. Looks like these SFP ONT's are running embedded Linux

Like I said it won't be long before some vendor provides an SFP ONT that you can easily change the serial number on so that SN or SN+password based authentication is can be hacked to other devices. The reality is that people with the skills to do this are going to be among the first to actually get FTTP, so trying to be restrictive about it is not going to get you very far.