MIUI version is irrelevant. Each build has to be certified individually, so some Stable ROMs might not be certified (usually called "Stable Beta"), but for Weeklies we use a known certified fingerprint in order to pass SafetyNet.
Absolutely false. Widevine L1 certificates are provisioned by Xiaomi Could service (com.miui.cloudservice) which sends a request to a Xiaomi-owned server (find.api.micloud.xiaomi.net). That service also handles certificates for supported payment services, like FIDO and IFAA/Alipay.
Widevine L1 certificate provisioning has absolutely nothing to do with Google in MIUI's case.
Not true. A Stable China ROM can get certified even if the device is not available Globally, that depends on whether the China ROM for that device comes with pre-included super-basic Google Play services configured for China (which is the case for many high-end Xiaomi devices).
In short, as long as it's an actual "Stable", and not "Stable Beta", China ROM, then it usually gets certified, even if with a delay.