update: after helpful but ultimately unsuccessful instructions (and even a login inspection) from Support at Woo, I went back to tinkering today and seem to have found a solution. That is, a few hours have passed and the login and security are still both working as expected (and as they had been for years until some weeks ago).
The ‘solution’ seems a bit unlikely at first, but I suggest you might try it and see what happens. First, I deactivated Jetpack. Then I deactivated Wordfence, then immediately re-activated it (with Jetpack still off), but this time turned off 2FA (only set fir Admin users on the site), ensured in doing so that the WooCommerce options were Skipped (as is recommended by WC and WF both and as had previously been the case); then I saved the new settings, reactivated Jetpack, and logged out of the site. Attempting to log back in as a returning customer now (rather than Admin) and everything worked (as expected); but this time it continued to work even after I reactivated 2FA. (Being extra careful, I actually had the only two Admins to the set delete their existing 2FA credentials and set it up for both from scratch (this may or may not have been necessary. But it worked.)
In other words I think it must have to do not with the combination of these three plugins (WooCommerce, Wordfence and Jetpack) but with the sequence of their activation/reactivation after updates or any change to settings. Clearly there is functional overlap between Wordfence and WooCommerce (hence the WF option to choose Skipped on re/activation); but the change of sequence is the only new element in my multi-week ongoing efforts to fix this issue and the first to produce the desired result (even after WooCommerce support told me they could only direct me back to Wordfence Support).
Anyway, all’s well that ends well. Everything worked as it should and as it has been for years. I hope this update provides some assurance and assistance for others trapped in this infernal loop!
