I only have the Q-in-Q configured on the MX and NTE SRX for management and Customer. I encountered a similar issue on the MX where point-to-multipoint was a requirement for the management by setting a bridge-group and IRB, but, as per you, I couldn't apply layer 2 and layer 3 to two logical inerfaces on the same physical. My resolution was as follows, and may help...
Originally we were going to use a 10.10.0.0/16..... we still are going to, but to get around the issue we are going to break the 10.10.0.0/16 into /30 subnets
C-TAG - Customer VLAN 10 - 192.168.10.0/30
C-TAG - Management VLAN 99 - 10.10.10.0/30
S-TAG - 500
MX240 configuration
set interfaces xe-1/2/4 unit 10 description Customer-VLAN
set interfaces xe-1/2/4 unit 10 vlan-tags outer 500 inner 10
set interfaces xe-1/2/4 unit 10 family inet address 192.168.10.1/30
set interfaces xe-1/2/4 unit 99 description Management-VLAN
set interfaces xe-1/2/4 unit 99 vlan-tags outer 500 inner 99
set interfaces xe-1/2/4 unit 99 family inet address 10.10.10.1/30
Even if the bridge was configurable I would still require 2 logical interfaces per customer.
I then added the static routes for the remote networks.
On the NTE, for the customer VLAN I configured as layer 2 pass through and then configured an IRB interface for the management. Followed this up with an SSH filter at the NTE and MX to ensure the customer could not access anything.
Thought this may help for the EX series.