Firestore SDK uses grpc under the hood, and they are likely allowing both client and server auth contexts on the same API. The Admin RTDB API uses REST, and is designed to accept only a server auth context.
As for accessing RTDB/Firestore from IoT devices I think you have 2 options, both of which are somewhat sub-optimal:
1. Use a Cloud Function as the proxy, and use the ID token verification based authorization to verify clients (i.e. the flow outlined in my previous message).
2. Use the REST APIs to directly access RTDB from the IoT device as a client. I assume you only need to perform a small set of DB operations from the device. It shouldn't be that difficult to implement those operations as REST interactions.
Personally I'd go with option 2, and avoid having to set up a proxy service altogether.