Canonical way, AFAIU, is to not specify O_RDONLY. O_PATH is the access mode on its own. When requesting O_PATH | O_EXEC, we requesting two modes.
On the other hand, O_RDONLY is zero so it is fine either way for testing the implementation.
It would be most interesting to do something in reverse, namely, check that AT_EMPTY_PATH verifies access permissions when non-root user tries to e.g. linkat(AT_EMPTY_PATH) to file he does not own. In other words, check that AT_EMPTY_PATH does not create a security hole.
But I have no idea how to do it with atf.
There is some mechanism in ATF triggered by atf_tc_set_md_var(tc, "require.user", "unprivileged");. See for instance contrib/netbsd-tests/lib/libc/sys/t_access.c access_access
But I have no idea about details.