I already read many threads and manual pages, but I am stuck with one very special problem.
Given are two independent DSL lines, each with a router (=CPE) I have no control over. Each CPE has one public IPv4 address and one private network (each)
(10.0.0.254/24 resp. 192.168.0.254/24) for me to use. Configuring two interfaces for backup and/or load sharing is not the problem. But having a RB960PGS and a LAN
with address 10.10.10.0/24, how to translate addresses by avoiding port-address-translation (=PAT) by my RB? PAT is already done in each of the CPEs.

There are no way you can get around this easy. You have two private net on outside.
So if you want to be able to use both of them, you need to use NAT so you get a third different net on your side.
This will give you double NAT

Concur, screwed!
Use the private one for all basic internet access and the public one to host whatever services you need to host.

What are you doing that double PAT is becoming a problem? I only ask because there is so much "oooooooh don't do that" about this but rarely is the root cause mentioned other than the originator has "read it's bad".
What are you struggling doing OP?

Is there any room to speak with the ISP and ask them to DMZ an IP in their LAN range which you can specify into your RB to minimise this?

Ask ISPs to add route on CPEs to be our LAN range via the RB960.

What are you doing that double PAT is becoming a problem?

I am afraid it will break SIP and/or give problems with online gaming.

... you need to use NAT so you get a third different net on your side.
This will give you double NAT

What about doing srcnat-netmap from LAN to CPEs and put sfp1 and ether1 into local-proxy-arp mode? This should give 1:1 translation of network addresses. But will IP port numbers change (PAT)? Would this make it better for online gaming? What about SIP? I guess Mikrotiks SIP-Helper will fail?

Is there any room to speak with the ISP and ask them to DMZ an IP in their LAN range which you can specify into your RB to minimise this?

Ask ISPs to add route on CPEs to be our LAN range via the RB960.

For ISP1 there will be no talks. It is more difficult even. CPE1 has two Interfaces with two different private networks. One is for data, and one for their SIP (walled garden). For ISP2, I may be allowed to use my own router and do PPPoE.