
There is a nice sshd option (-T) that tells you what it's really doing. Just run

   sudo sshd -T | grep password



Except that doesn't tell you what it's doing, that tells you what it _might_ do, if you (re)start the server.

sshd -T reads the configuration file and prints information. It doesn't print what the server's currently-running configuration is: https://joshua.hu/sshd-backdoor-and-configuration-parsing


That's why I only use socket-activated per-connection instances of sshd.

Every configuration change immediately applies to every new connection - no need to restart the service!


> socket-activated per-connection instances

Yay, they reinvented inetd too!


It's not like they (as in OpenSSH) did, but that's an (IMHO very under-utilized) standard feature of systemd that's been there basically since the very beginning.


Yes. Run this as a validation step during base OS image creation, if such an image is intended to start a system with sshd. That way you can verify that the distro you use did not pull the carpet from under your feet by changing something in the base sshd config that you implicitly rely on.
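
The image-build validation step suggested in the comment above, sketched as a shell check. This is an added example, not part of the thread; the function name, the policy values and the sample `sshd -T` output are constructed assumptions.

```shell
#!/bin/sh
# Added example: fail an image build when sshd's effective settings drift from
# what you rely on. check_sshd_policy reads `sshd -T` style output on stdin
# (one "keyword value" pair per line) and takes keyword=value pairs as arguments.
check_sshd_policy() {
    local effective rc=0 want key expected actual
    effective=$(cat)
    for want in "$@"; do
        key=${want%%=*}
        expected=${want#*=}
        # Take the value of the first line whose keyword matches.
        actual=$(printf '%s\n' "$effective" |
            awk -v k="$key" 'tolower($1) == k { $1 = ""; sub(/^ /, ""); print; exit }')
        if [ -z "$actual" ]; then
            echo "MISSING  $key (expected '$expected')" >&2; rc=1
        elif [ "$actual" != "$expected" ]; then
            echo "DRIFT    $key: expected '$expected', got '$actual'" >&2; rc=1
        fi
    done
    return "$rc"
}

# Hypothetical policy: the settings this image implicitly relies on.
POLICY="passwordauthentication=no permitrootlogin=no permitemptypasswords=no"

# Constructed samples standing in for `sshd -T` output (not from a real host).
sample_good() { cat <<'EOF'
port 22
passwordauthentication no
permitemptypasswords no
permitrootlogin no
pubkeyauthentication yes
EOF
}
sample_drifted() { cat <<'EOF'
port 22
passwordauthentication yes
permitrootlogin no
pubkeyauthentication yes
EOF
}

sample_good | check_sshd_policy $POLICY && echo "good sample: policy holds"
sample_drifted | check_sshd_policy $POLICY || echo "drifted sample: build should fail"
# In a real image build, feed it the on-disk configuration instead:
#   sshd -T | check_sshd_policy $POLICY || exit 1
```

As noted earlier in the thread, `sshd -T` reports what the configuration on disk would produce, which is exactly what an image build needs to check; it says nothing about an already-running daemon.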



