Hi Önal,
nice to hear you are working on SNMPv3!
The new version of the stack was mainly developed at Pepperl+Fuchs by Martin Hentschel for a Profinet device. I wrote minor parts of it, but I maintain it in lwIP. I guess mbed TLS is a good lib to use with lwIP. Maybe Sylvain (PPP maintainer) has the time to move over from polar SSL to it, too.
If you want to have an abstraction of the mbed TLS, I would prefer a wrapper around it instead of #defines, since this will be more flexible when you want to use another library. And it would be great to avoid #including mbed TLS headers in the actual implementation.
Maybe even wrapper functions for engine boot count are also better to avoid cluttering lwipopts.h even more. SNMP and especially SNMP with encryption is so resource demanding in code and CPU cycles that you don't need to save a few bytes by substituting a wrapper call by #defines. If someone wants these features, he needs adequate resources for it.