Wow, that's a pretty bullshit sounding response from tailscale. "We don't want to overcrowd the settings". It's ok to say "we'd prefer our users used our paid auth, rather than self host auth and use the fruits of our labour for the app". No need to be so opaque about it.
You can add profiles with Apple configurator 2. You don't have to go the full MDM route. It's quite easy.
I think the problem is though that the iOS client doesn't support configuring this option in the profile (whether installed via configurator or MDM) either.
