What are the mechanics behind a CIFS "readonly" mount?
Indeed.
When a client mounts an export read only it shouldn’t send write requests to the file server.
That makes it unlikely that the corruption came from your end. But since that read only status is set on the client and not enforced from the file server providing the export, you cannot completely exclude that a client (not necessarily yours) accessed the share in read-write mode and is the culprit.
Note that also the fact that the file is on an export does not exclude that the corruption occurred on the file server itself either.