Probably the better solution is to include some kind of special lock-screen keyboard that provides some fallback mechanism to input any character. Presumably there are similar edge cases where someone creates a password using one keyboard, then switches keyboard layout, and now can't re-enter it using the active layout...

You can but you have to tie it to actual devices and a point in time, not simply a specific OS version. Essentially, all devices that existed before the change must still support the old set of characters and devices produced (or sold or activated) afterwards can support the reduced set.

Or wait until a future OS version that will not support any device currently in existence.