Good summary. But there might be a more banal reason why they are not turning it on by default: they'd have lots of angry customers bombarding their customer support if they irretrievably lost data. Note that ADP is not just for iCloud backup, but also Drive, Notes, Reminders and other services.
They have a “web support” mode that re-enables a lot of this stuff. In general you’re right. But that doesn’t explain the six year delay or the slow roll on further improvements.
My understanding is that with web support mode enabled you allow one of your trusted devices to temporarily upload your private key to Apple in order to be able to use their web interface to access E2EE content. If you lose all trusted devices, you won't be able to restore the content.
You need a special recovery key (which is a random string of 25+ characters). If Apple turned on ADP by default, lots of customers wouldn't have it when needed. You can find some technical detail here:
https://support.apple.com/guide/security/advanced-data-protection-for-icloud-sec973254c5f/1/web/1
Which they don’t seem to care about.
The backup codes are just in case you lose that information. You can also nominate a “recovery contact” and the key gets stored on their device.