
Port security triggering while detecting 0 addresses?

adamlhayman
Level 1

So I have 1 ShoreTel phone that is causing me some difficulties.
This configuration has not caused me any issues on multiple other ports/switches so far, but for some reason this particular phone will not register its MAC once I enable port security. Instead, it starts throwing violations.

**************************************************

interface GigabitEthernet2/0/9
description Phone (redacted)
switchport access vlan 5
switchport mode access
switchport voice vlan 10
switchport port-security
switchport port-security violation restrict
switchport port-security mac-address sticky
spanning-tree portfast
spanning-tree bpduguard enable
end

Secure Port  MaxSecureAddr  CurrentAddr  SecurityViolation  Security Action
                (Count)       (Count)          (Count)
---------------------------------------------------------------------------
    Gi2/0/9              1            0                 11         Restrict

*****************************************************************************
I tried setting a maximum of 2, of 5, and even of 10. 
I tried setting the MAC manually. All with the same end result.

There is no reason I can see that would make this phone throw errors when every other port I've set port security for has behaved as expected. 
Any thoughts would be appreciated. 


9 Replies

Hi

The guideline for port security and voice VLAN states that:

When you enable port security on an interface that is also configured with a voice VLAN, you must set the maximum allowed secure addresses on the port to at least two.

• If any type of port security is enabled on the access VLAN, dynamic port security is automatically enabled on the voice VLAN. You cannot configure port security on a per-VLAN basis.

• You cannot configure static secure or sticky secure MAC addresses on a voice VLAN.

Hello, 
I'm not sure that using a default maximum of 1 is the issue here. 

With the following change:

 

******************************************

interface GigabitEthernet2/0/9
description Phone (redacted)
switchport access vlan 5
switchport mode access
switchport voice vlan 10
switchport port-security maximum 20
switchport port-security
switchport port-security violation restrict
switchport port-security mac-address sticky
spanning-tree portfast
spanning-tree bpduguard enable
end

********************************************************************

 

I am still getting the same problem, as seen before. (also, several other switches so far, and 40+ phones have worked just fine with the originally posted config)

 

*********************************************************************

Hailey_Sw(config-if)#do show port-security
Secure Port  MaxSecureAddr  CurrentAddr  SecurityViolation  Security Action
                (Count)       (Count)          (Count)
---------------------------------------------------------------------------
    Gi2/0/9             20            0                 13         Restrict

**********************************************************************

 

(Note that the restrict count was taken just a moment after enabling port security.)

What I can't figure out is why this phone, which works fine, won't register its MAC when port security is enabled. I can see the MAC when it's off.
I've tried statically, manually assigning the MAC to this port, and setting the maximum to 5, with the same result.
The logs show the accurate MAC as the one triggering the violation:
***********************************************************

Aug  9 19:00:23.263: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address xxxx.xxxx.xxxx (redacted) on port GigabitEthernet2/0/9.

***********************************************************

Have you tried mixing the variables a little bit? Like connecting that specific phone on other ports or other switches with the exact same configuration? Also using a different phone on that specific port on the switch? Just to see the behaviour of both devices on different scenarios and see if maybe there's something wrong with the phone or switch that could be fixed with a firmware upgrade.

Eric, 
I'm afraid that's what I might have to do. I was hoping to avoid that, as that is a 3 hour drive.
I was also hoping someone else might have seen behavior like this before. I have not, so in addition to wanting a fix, to make my life easier, :) I find my curiosity piqued thoroughly. 

Oh, sorry to hear that about the long drive... I'm actually very intrigued as well since that's never happened to me and there shouldn't be any other requirements for getting that IP Phone to work except for the one about allowing 2 MAC addresses on the port. Hope you can resolve the issue and let us know!

Update:

I've got a colleague heading to our Hailey branch on Wednesday, but in the meantime, 
I did try clearing the CAM table, as per Paul's suggestion, and re-applying the port security with a static address; I am still getting the same issue.
My issue is growing, however. The local users moved phones around (without telling IT, of course), so once I figured out what was causing all of the new errors I was seeing today, I cleared its port security and re-applied it like normal to allow this phone to live at the new desk. Now this phone on port g2/0/4 is behaving like the phone on port g2/0/9.
I've had to disable port security on both ports so people could work today. I'll post more configs/logs when I can re-enable port security without disrupting people's work.

Beginning to think it might be time for a VERY hard reset. You know. the one involving the 12lb sledge...

 

Accepted solution:

Eric,
With my colleague visiting that branch today (per his regular schedule) we were able to determine that it was the phone that was messed up somehow.
That phone does the same thing no matter what port we move it to, and did it at our home office when it came back. 
Final solution: dumpster fire/weenie roast.

Hello,

Try removing the sticky MAC address and then clear it from the CAM table:

show port-security interface gigabitEthernet 2/0/9
clear port-security dynamic interface gigabitEthernet 2/0/9
configure terminal
 interface gigabitEthernet 2/0/9
  no switchport port-security mac-address sticky
  no switchport port-security mac-address XXXX.XXXX.XXXX


Kind Regards
Paul

So, after hours, I rebooted the switch.
Port g2/0/9 now works like all the others, as I expected, but port g2/0/4 is now doing the same thing.
I've still not managed to dig up any other articles or documents describing this, so I am still hoping someone here might have seen this before.

*********************************************************

Hailey_Sw(config-if)#do show port int g2/0/4
Port Security : Enabled
Port Status : Secure-up
Violation Mode : Restrict
Aging Time : 0 mins
Aging Type : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 2
Total MAC Addresses : 1
Configured MAC Addresses : 1
Sticky MAC Addresses : 0
Last Source Address:Vlan : 0010.492b.0efc:10
Security Violation Count : 22

********************************************************

Hailey_Sw(config-if)#do show run int g2/0/4
Building configuration...

Current configuration : 358 bytes
!
interface GigabitEthernet2/0/4
description Phone 2b-0e-fc
switchport access vlan 5
switchport mode access
switchport voice vlan 10
switchport port-security maximum 2
switchport port-security
switchport port-security violation restrict
switchport port-security mac-address 0010.492b.0efc
spanning-tree portfast
spanning-tree bpduguard enable
end

*********************************************************************

Aug 13 20:21:08.680: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0010.492b.0efc on port GigabitEthernet2/0/4.

********************************************************************

 

Anyone see anything I'm missing?
I really can't figure out why the MAC assigned is the one triggering the alert.
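The symptom in this thread is easy to miss in a large switch estate: a violation counter that keeps climbing while CurrentAddr stays at 0, and a statically configured secure MAC that is itself the one named in the PSECURE_VIOLATION syslog line. The following script, added here as an example and not code from the thread or from Cisco, parses the three artefacts quoted above (the `show port-security` summary table, the `show running-config interface` excerpt, and the `%PORT_SECURITY-2-PSECURE_VIOLATION` syslog lines), normalises interface names so the three can be joined, and emits a finding for each of those conditions, plus the voice-VLAN "maximum must be at least two" check from the guideline post. All sample output is constructed to mirror the formats quoted in the thread; port Gi2/0/4 and MAC 0010.492b.0efc are the thread's own, while MAC 0011.2233.4455 and the function names are mine.

```python
"""Correlate IOS port-security counters, interface config and PSECURE_VIOLATION
syslog lines to flag the symptom in this thread: a violation counter that climbs
while no secure address is learned, and a statically configured MAC reported as
the violator. Added example, not code from the thread; samples are constructed
to mirror the formats quoted in it (MAC 0011.2233.4455 is made up)."""
import re
from collections import Counter, defaultdict
# Constructed `show port-security` summary, same columns as the thread quotes.
SHOW_PORT_SECURITY = """\
Secure Port  MaxSecureAddr  CurrentAddr  SecurityViolation  Security Action
                (Count)       (Count)          (Count)
---------------------------------------------------------------------------
      Gi2/0/4              2            1                 22         Restrict
      Gi2/0/9              1            0                 11         Restrict
"""
# Constructed `show running-config interface` excerpts (port-security lines only).
SHOW_RUN = """\
interface GigabitEthernet2/0/4
 switchport voice vlan 10
 switchport port-security maximum 2
 switchport port-security
 switchport port-security mac-address 0010.492b.0efc
!
interface GigabitEthernet2/0/9
 switchport voice vlan 10
 switchport port-security
 switchport port-security mac-address sticky
!
"""
# Constructed syslog lines in the format the thread quotes.
SYSLOG = """\
Aug 13 20:21:08.680: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0010.492b.0efc on port GigabitEthernet2/0/4.
Aug 13 20:21:09.101: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0010.492b.0efc on port GigabitEthernet2/0/4.
Aug 13 20:22:41.002: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0011.2233.4455 on port GigabitEthernet2/0/9.
"""

SUMMARY_ROW = re.compile(r"^\s*(\S+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\S+)\s*$")
VIOLATION = re.compile(r"%PORT_SECURITY-2-PSECURE_VIOLATION: .*caused by MAC address "
                       r"([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}) on port (\S+?)\.?$", re.I)

def short_ifname(name):
    """GigabitEthernet2/0/4 -> Gi2/0/4, so config and syslog names match the summary table."""
    m = re.match(r"^([A-Za-z]+)(\d.*)$", name)
    return {"gigabitethernet": "Gi", "fastethernet": "Fa", "tengigabitethernet": "Te"}.get(m.group(1).lower(), m.group(1)[:2]) + m.group(2) if m else name

def parse_summary(text):
    """Data rows of `show port-security` -> {port: {max, current, violations, action}}."""
    ports = {}
    for line in text.splitlines():
        m = SUMMARY_ROW.match(line)
        if m:
            port, mx, cur, viol, action = m.groups()
            ports[port] = {"max": int(mx), "current": int(cur), "violations": int(viol), "action": action}
    return ports

def parse_config(text):
    """Per-interface port-security settings; the IOS default maximum is 1 when unset."""
    cfg, cur = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            cur = short_ifname(line.split(None, 1)[1])
            cfg[cur] = {"voice_vlan": None, "max": 1, "static": set()}
        elif cur is None:
            continue
        elif line.startswith("switchport voice vlan "):
            cfg[cur]["voice_vlan"] = line.split()[3]
        elif line.startswith("switchport port-security maximum "):
            cfg[cur]["max"] = int(line.split()[3])
        elif line.startswith("switchport port-security mac-address ") and "sticky" not in line:
            cfg[cur]["static"].add(line.split()[3].lower())  # statically configured secure MAC
    return cfg

def parse_violations(text):
    """{port: Counter({mac: hits})} from PSECURE_VIOLATION syslog lines."""
    by_port = defaultdict(Counter)
    for line in text.splitlines():
        m = VIOLATION.search(line)
        if m:
            by_port[short_ifname(m.group(2))][m.group(1).lower()] += 1
    return by_port

def assess(summary, cfg, violations):
    """Return (port, finding) tuples for every port in the summary table."""
    findings = []
    for port, row in summary.items():
        c = cfg.get(port, {})
        if c.get("voice_vlan") and c.get("max", 1) < 2:
            findings.append((port, "voice VLAN configured but maximum secure addresses < 2"))
        if row["violations"] and row["current"] == 0:
            findings.append((port, "violations counted but no secure address learned"))
        for mac, hits in violations.get(port, {}).items():
            if mac in c.get("static", set()):
                findings.append((port, f"configured secure MAC {mac} reported as violating {hits}x"))
    return findings

def run():
    return assess(parse_summary(SHOW_PORT_SECURITY), parse_config(SHOW_RUN), parse_violations(SYSLOG))

if __name__ == "__main__":
    for port, msg in run():
        print(f"{port}: {msg}")
```

Run stand-alone it reports three findings: Gi2/0/4's configured MAC is the one being reported as violating (the paradox in the last post), and Gi2/0/9 both has the default maximum of 1 with a voice VLAN and is counting violations with nothing learned. To use it on real output, replace the three constructed strings with the captured text; the syslog parser also accepts lines forwarded to a collector, since it searches for the message body rather than anchoring on the timestamp.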
