by bsaul 1685 days ago
what's the threat this hsm is adding protection against ?

i don't mean to be ironic, i genuinely couldn't understand after reading the paper.

2 comments

The HSM is a server-side HSM. I believe it helps prevent brute-forcing weak passwords/PINs by non-WhatsApp attackers, in case non-WhatsApp attackers gain access to the encrypted backup keys.
I was surprised to read that OPAQUE uses/generates deterministic asymmetric keypairs based on a secret seed. I'd posit the HSM stores this seed so that it can use various derivations to verify whether a given key asserted by a client was generated by that seed. (https://www.ietf.org/id/draft-irtf-cfrg-opaque-07.html)

I have only used key derivation in symmetric protocols, so tbh I don't know how you do deterministic asymmetric key generation, or even which primitive uses it.

It can effectively be the same. Consider ECDH as key agreement, passed into a KDF such as a hashing algorithm, potentially with additional input, then using that value as the private key — the security assumptions then become the Square Computational Diffie-Hellman assumption and whatever assumption(s) are in the hashing algorithm, the former of which is proven to be of equivalent difficulty to the general CDH assumption.
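The mechanism the last two comments discuss (a secret seed, or an ECDH shared secret, run through a KDF and the output used directly as an elliptic-curve private key) can be shown end to end in a few dozen lines. The block below is an added example written for this page; it is not code from the OPAQUE draft, from WhatsApp's paper, or from any HSM. It assumes secp256k1 (chosen only because its constants are short; any prime-order curve works the same way), HKDF-SHA256 as the KDF, and constructed seeds and context strings. The only primitive an asymmetric keypair needs beyond a symmetric KDF is "reduce the KDF output to a scalar in [1, n-1] and multiply the generator by it", which is what `derive_keypair` does; `derive_from_agreement` then feeds an ECDH shared secret back through the same path, as the final comment describes.

```python
"""Deterministic EC keypairs from a seed, and from an ECDH shared secret.

Added example, not from the page. Curve: secp256k1. KDF: HKDF-SHA256.
Pure Python 3.8+ (uses pow(x, -1, p)); no third-party dependencies.
"""
import hashlib
import hmac

# secp256k1 domain parameters (assumption: any prime-order curve would do)
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def on_curve(pt):
    """True if pt satisfies y^2 = x^3 + 7 (mod P); None is the point at infinity."""
    if pt is None:
        return True
    x, y = pt
    return (y * y - (x * x * x + 7)) % P == 0


def _add(p1, p2):
    """Affine point addition with the point at infinity represented as None."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:       # p1 == -p2
            return None
        lam = (3 * x1 * x1) * pow(2 * y1, -1, P) % P   # tangent slope (doubling)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P      # chord slope
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)


def _mul(k, pt):
    """Double-and-add scalar multiplication (not constant-time; demo only)."""
    result, addend = None, pt
    while k:
        if k & 1:
            result = _add(result, addend)
        addend = _add(addend, addend)
        k >>= 1
    return result


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 HKDF-Extract then HKDF-Expand with SHA-256."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_keypair(seed: bytes, context: bytes):
    """Deterministic keypair: same (seed, context) always yields the same (d, Q).

    48 bytes of KDF output are reduced mod (N-1) and shifted into [1, N-1];
    the 16 extra bytes keep the modular bias negligible (same idea as
    FIPS 186-4 B.4.1 "extra random bits").
    """
    okm = hkdf_sha256(seed, b"example-deterministic-keygen", context, 48)
    d = int.from_bytes(okm, "big") % (N - 1) + 1
    return d, _mul(d, G)


def ecdh(d: int, peer_pub) -> bytes:
    """Raw ECDH: x-coordinate of d * peer_pub. Caller must KDF this."""
    if not on_curve(peer_pub) or peer_pub is None:
        raise ValueError("peer public key is not a valid curve point")
    shared = _mul(d, peer_pub)
    return shared[0].to_bytes(32, "big")


def derive_from_agreement(d: int, peer_pub, extra: bytes):
    """The chain from the last comment: ECDH -> KDF (with extra input) -> private key.

    Both parties compute the same shared x, so both derive the same keypair.
    """
    return derive_keypair(ecdh(d, peer_pub), extra)


if __name__ == "__main__":
    seed = b"constructed 32-byte seed for the demo example........"  # constructed
    d_a, q_a = derive_keypair(seed, b"device-a")
    d_b, q_b = derive_keypair(seed, b"device-b")
    print("same seed+context reproduces key:", derive_keypair(seed, b"device-a") == (d_a, q_a))
    print("different context gives different key:", (d_a, q_a) != (d_b, q_b))
    print("ECDH agrees:", ecdh(d_a, q_b) == ecdh(d_b, q_a))
    print("derived-from-agreement keys agree:",
          derive_from_agreement(d_a, q_b, b"ctx") == derive_from_agreement(d_b, q_a, b"ctx"))
```

The point to notice is that nothing asymmetric-specific happens in the KDF: the seed (or the ECDH output) is treated exactly as in a symmetric protocol, and the "asymmetric" part is only the final scalar multiplication. A verifier holding the seed can therefore recompute any client's public key from `(seed, context)` alone, which is the property the earlier comment guesses an HSM would use; the scalar multiplication here is variable-time and is not suitable as-is for a real implementation.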