SASL is a protocol that allows you to mix several different schemes. You could (if the server supports it) use GSSAPI (e.g., authenticate using Kerberos or Active Directory, i.e., the backend for enterprises). You could instead use, say, EAP. Or you could use OAuth 2. Or you could use SSL certificates. Or you could forgo any of that and just use CRAM-MD5 or SCRAM-SHA-1 or SCRAM-SHA-256 for regular password authentication. Or, if you're really lazy, you could just use a plaintext user/password combination.
User and password management? With client X.509 certificates it's difficult,
e.g. issuing them is not fun. Moving them around is more troublesome than with
a login+password pair, too.
Also, try explaining client certificates to non-technical people, who probably
are among the target audience of IRCv3 initiative.
What is the advantage of using SASL over logging in with a client SSL certificate?