
Does that only hold if the data collection contains PII and isn't considered necessary for the product?

Either way I expect Manjaro's collection would be an issue if it's opt-out, just curious how those edges of that law are defined.



I don't know how American data protection laws work in this sense, I've only read up on the GDPR. I don't think American data protection laws are any more strict than their European counterparts though.

You don't need to share this information for Manjaro's software to do its work so it's not necessary for the product. If it's strictly necessary, they may need to inform EU users, but don't need consent.

The edges of the law are pretty sharp. There are a few reasons for which data may be collected without consent, and "I want to see what kind of computers visit my website" isn't one of them. Most of the time, you'll need explicit consent (can't hide consent in the EULA or T&C).

This goes for anything containing PII. And, for the record, an IP address is considered PII in many cases. Pseudonyms also don't protect you.

Even with consent, collecting PII like this also adds a ton of extra overhead (suddenly you need to encrypt your database, serve information/correction/deletion requests from the people you've collected data about, not being allowed to host such data in the US, etc.) to the point I wouldn't even bother collecting this info from EU users. Foreign companies break the GDPR all the time and very few of them ever get fined, but when it comes to communities trying to do the right thing, the GDPR rightfully succeeds in making data collection expensive.



