Thank you to all who were involved today in helping me improve the reproducible build!
I’ve downloaded the unsigned APK from the fdroid pipeline and compared it to my Debian WSL instance, and both builds are 100% “byte-wise” identical since we use the same Android SDK, Go 1.24.1, NDK r28.0.13004108, git checkout 6e3783867abfefa3c2629b877168618023ccaab4 and signingConfigs = null.
Is there now a chance we could switch to a developer-signed APK, as mentioned in the F-Droid docs? I know this would require users to reinstall, but maybe we could do it together with an AppID change to “com.syncthingfork”.
The reason behind this is that I’m currently working with someone on the GrapheneOS forums, and we are trying to publish “Syncthing-Fork” via the “Accrescent app store”. Accrescent requires validation of authorship. Therefore, I have to change my appId according to their docs and use a real domain (syncthingfork.com), which their system will automatically check for “permission” during the publishing process. I wouldn’t have so many build flavors and branches then if we could also get F-Droid updated to use the developer signature instead of its own APK signature. Accrescent also publishes with the developer signature instead of their own.
Side note: The build is reproducible as long as Linux is compared with Linux. Linux versus Windows produces different bytecode; e.g., some elements within “libSyncthingnative.so” differ by CRLF vs. LF, caused by the NDK itself.
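
Added example, not part of the original post or of the project's or F-Droid's tooling: a per-entry comparison of two unsigned APKs that reports which ZIP entries differ and whether a difference disappears once CRLF is normalized to LF. The stand-in APKs, the `lib/arm64-v8a/` path and all function names are constructed for illustration.

```python
import io
import zipfile

SO = "lib/arm64-v8a/libSyncthingnative.so"  # constructed path for the sample


def make_apk(entries):
    """Build a deterministic ZIP (fixed timestamps) as a constructed stand-in APK."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(zipfile.ZipInfo(name, date_time=(1980, 1, 1, 0, 0, 0)), data)
    return buf.getvalue()


def read_entries(apk_bytes):
    """Map each ZIP entry name to its uncompressed content."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        return {name: zf.read(name) for name in zf.namelist()}


def compare_apks(a, b):
    """Compare two unsigned APKs byte-wise, then entry by entry."""
    ea, eb = read_entries(a), read_entries(b)
    differ = {}
    for name in sorted(ea.keys() & eb.keys()):
        if ea[name] == eb[name]:
            continue
        # Heuristic: only matches when nothing besides the line endings changed.
        same = ea[name].replace(b"\r\n", b"\n") == eb[name].replace(b"\r\n", b"\n")
        differ[name] = "line-endings-only" if same else "content"
    return {
        "byte_identical": a == b,
        "only_in_a": sorted(ea.keys() - eb.keys()),
        "only_in_b": sorted(eb.keys() - ea.keys()),
        "differ": differ,
    }


# Constructed sample data: two Linux builds and one Windows build of the same source.
DEX = b"dex\n035\x00"
LINUX_CI = make_apk({"classes.dex": DEX, SO: b"\x7fELFstub\nbuild info\n"})
LINUX_LOCAL = make_apk({"classes.dex": DEX, SO: b"\x7fELFstub\nbuild info\n"})
WINDOWS = make_apk({"classes.dex": DEX, SO: b"\x7fELFstub\r\nbuild info\r\n"})

if __name__ == "__main__":
    print(compare_apks(LINUX_CI, LINUX_LOCAL))
    print(compare_apks(LINUX_CI, WINDOWS))
```

A report with `byte_identical` false but an empty `differ` map would point at ZIP metadata (timestamps, entry order, alignment) rather than file content.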