Failed to decode current backend config

Since upgrading the opentofu image in my gitlab-ci.yml file from

version: 0.18.0
opentofu_version: 1.7.1

to

version: 3.12.0
opentofu_version: 1.10.7

The following setup fails to run the validate step (as that's the first one after fmt)

gitlab-ci.yml

include:
  - component: $CI_SERVER_FQDN/components/opentofu/validate-plan-apply@3.12.0
    inputs:
      # The version must currently be specified explicitly as an input,
      # to find the correctly associated images. # This can be removed
      # once https://gitlab.com/gitlab-org/gitlab/-/issues/438275 is solved.
      version: 3.12.0
      opentofu_version: 1.10.7
      root_dir: tofu/
      # below inputs work in newer versions of the component but not in 0.18.0
      # apply_save_outputs_as_artifact: true
      # apply_output_artifact_name: tofu-output

variables:
  TF_INIT_FLAGS: -reconfigure -backend-config=$TOFU_BACKEND_TFVARS_FILE
  TF_VAR_preferred_cloud_provider: aws
  AWS_DEFAULT_REGION: eu-central-1

stages:
  - validate
  - test
  - pre_deploy
  - build
  # inherited deploy stage from include above handles the `tofu apply` before the actual deploy_components stage to ensure infrastructure is in place
  - build_and_deploy
  - deploy
  - deploy_components

CI output logs

Running with gitlab-runner 18.4.0~pre.246.g71914659 (71914659)
  on green-6.saas-linux-small-amd64.runners-manager.gitlab.com/default YKxHNyexq, system ID: s_a201ab37b78a
Preparing the "docker+machine" executor
00:09
Using Docker executor with image registry.gitlab.com/components/opentofu/gitlab-opentofu:3.12.0-opentofu1.10.7-alpine ...
Using effective pull policy of [always] for container registry.gitlab.com/components/opentofu/gitlab-opentofu:3.12.0-opentofu1.10.7-alpine
Authenticating with credentials from job payload (GitLab Registry)
Pulling docker image registry.gitlab.com/components/opentofu/gitlab-opentofu:3.12.0-opentofu1.10.7-alpine ...
Using docker image sha256:3c7da8780fef55dffa9e4cd31959c6c1d6502df6dd7f21eb8c3b53d41915e937 for registry.gitlab.com/components/opentofu/gitlab-opentofu:3.12.0-opentofu1.10.7-alpine with digest registry.gitlab.com/components/opentofu/gitlab-opentofu@sha256:bf30cae070feb057b2aa99d5a63822b6eee33d45bd68274a4ef6904d70235165 ...
Preparing environment
00:02
Using effective pull policy of [always] for container sha256:dafbb40c4848c5eb1886a2193d4c8b0d6bb1ff118f4c114b47532c26adf9ca6e
Running on runner-ykxhnyexq-project-42146463-concurrent-0 via runner-ykxhnyexq-s-l-s-amd64-1763550437-a2708680...
Getting source from Git repository
00:03
Gitaly correlation ID: 7789c08a74cb45d385f811775f3c1ce5
Fetching changes with git depth set to 20...
Initialized empty Git repository in /builds/qluent/qluent-ui/.git/
Created fresh repository.
Checking out aaa8ab8f as detached HEAD (ref is develop)...
Skipping Git submodules setup
$ git remote set-url origin "${CI_REPOSITORY_URL}" || echo 'Not a git repository; skipping'
Restoring cache
00:21
Checking cache for tofu/-protected...
Downloading cache from https://storage.googleapis.com/gitlab-com-runners-cache/project/42146463/tofu/-protected  ETag="6376da10953e9aa759fccdca36ddbd4c"
Successfully extracted cache
Executing "step_script" stage of the job script
00:01
Using effective pull policy of [always] for container registry.gitlab.com/components/opentofu/gitlab-opentofu:3.12.0-opentofu1.10.7-alpine
Using docker image sha256:3c7da8780fef55dffa9e4cd31959c6c1d6502df6dd7f21eb8c3b53d41915e937 for registry.gitlab.com/components/opentofu/gitlab-opentofu:3.12.0-opentofu1.10.7-alpine with digest registry.gitlab.com/components/opentofu/gitlab-opentofu@sha256:bf30cae070feb057b2aa99d5a63822b6eee33d45bd68274a4ef6904d70235165 ...
$ gitlab-tofu validate
Initializing modules...
╷
│ Error: Failed to decode current backend config
│ 
│ The backend configuration created by the most recent run of "tofu init"
│ could not be decoded: unsupported attribute "use_legacy_workflow". The
│ configuration may have been initialized by an earlier version that used an
│ incompatible configuration structure. Run "tofu init -reconfigure" to force
│ re-initialization of the backend.
╵
╷
│ Error: missing or corrupted provider plugins:
│   - registry.opentofu.org/hashicorp/random: the cached package for registry.opentofu.org/hashicorp/random 3.7.2 (in .terraform/providers) does not match any of the checksums recorded in the dependency lock file
│   - registry.opentofu.org/hashicorp/aws: the cached package for registry.opentofu.org/hashicorp/aws 5.100.0 (in .terraform/providers) does not match any of the checksums recorded in the dependency lock file
│   - registry.opentofu.org/hashicorp/azurerm: there is no package for registry.opentofu.org/hashicorp/azurerm 4.53.0 cached in .terraform/providers
│ 
│ 
╵
Cleaning up project directory and file based variables
00:01
ERROR: Job failed: exit code 1

My backend is s3 and I followed the upgrade guide https://opentofu.org/docs/intro/upgrading/ yet I never found in my code or directly in the state file downloaded from s3 any references to `

use_legacy_workflow

I upgraded my opentofu version locally to 1.10.7 and I can run all commands successfull including `mt/validate/plan/apply`

Can you advise what this might be or possible fix I can put in, perhaps I'm missing some inputs in the gitlab-ci.yml file?