That seems like the kind of "hah! Gotcha!" loophole the authorities wouldn't fall for. For one, if they were allowed to do that full encryption in your situation and they wanted to, they could do that now; store data on Amazon S3, say. If they aren't allowed to now, they wouldn't be allowed to then either.
For two, encrypting on device means you can't login to iCloud web and see your photos and share them with people. That's not fully representing all user's interests.
For three, some of "their users" are the criminals whom the system is trying to catch; implying all users are the same and want the same thing and Apple wants the same thing as all users is overly simple.
1) That isn't a loophole, but rather the usual state of affairs. Right now I can use rclone or similar piece of Free software with any cloud storage service, and keep the contents of my files private. The cloud service has no access to the plaintext content, and thus can't be construed as having a duty to scan the plaintext. (If they were given notice that a specific blob was CSAM along with an encryption key that proved such, that's a different story)
2) If photos are accessible through iCloud web, then talking about encryption is irrelevant. That's just a standard cloud service which has the ability to scan on their servers. The Apple CSAM issue was remarkable precisely because Apple aimed to do the scanning on users devices before encryption that would make files unavailable through iCloud web.
3) Criminals still have rights. What we're talking about here is the right to computational representation.
For two, encrypting on device means you can't login to iCloud web and see your photos and share them with people. That's not fully representing all user's interests.
For three, some of "their users" are the criminals whom the system is trying to catch; implying all users are the same and want the same thing and Apple wants the same thing as all users is overly simple.