I mean the exact same 2.8GB file, with the exact same USB-C stick took FU***** 3 seconds on Linux !!

For that test you should run sync afterwards to make sure the file was really written and is not waiting in a cache.

Sorry, I have no idea.

The relevant polkit policies should be defined here: https://github.com/systemd/systemd/blob/main/src/login/org.freedesktop.login1.policy

Disabling is done with some rules like this: https://bbs.archlinux.org/viewtopic.php?id=152565

polkit.addRule(function(action, subject) {
  if (action.id.indexOf("org.freedesktop.login1.power-off") == 0) {
    return polkit.Result.AUTH_ADMIN;
  }
});

Some other examples: https://gist.github.com/grawity/3886114

Is it common for cups to run as root? It should have its own user, but that is still not good.

For Linux maybe timekpr-next and some custom scripts to sync the time with the time limit server?

ReactOS is probably a good indicator how far you can get with some limited generic drivers.