I think it depends on the mechanism. Even though TLS uses HKDF, it's also a generic mechanism, so people could be using it in other protocols. OTOH, it's an NSS specific mechanism, so that's less likely. On the 3rd hand, it's really sharing the code with the real PKCS #11 mechanism. so it's not an expensive mechanism to maintain.
We should check the rest of Firefox. Kevin found direct uses of AES_GCM inside firefox (beyond SSL or the experimental interface). HKDF could be the same. Probably the deprecation model could be #ifdef around the switch statement (based on if CKM_NSS_HKDF is defined), then move CKM_NSS_HKDF into the PKCS11_v_2_0 section. We'll likely turn PKCS11 v2.0 on in RHEL 7 and RHEL 8 rebases and not in Fedora (or any future RHEL). That means it can go away when we finally make PKCS 11_V2_0 go away.