Upstream has decided that it is not a bug and that both timestamp
formats are valid RFC 3339 (I've checked, the grammar explicitly defines
the sub-seconds part of the timestamp as optional). See link above.
They also think, logcheck should cope with both formats.
So I guess that logcheck should be prepared to receive both kinds of
timestamps, the 32-byte version and the 25-byte version (without the
subseconds timestamp).
In the downstream bug-report of rsylogd (which I suppose will be closed
soon) I've mentioned how to configure remote clients to send a timestamp
*with* sub-seconds part.
See
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064385
But there may be other clients out there (which may not be rsyslogd)
which still send the traditional format and thus will be logged without
a subseconds part.
So logcheck should be prepared to receive both formats.