Because automatically sharing credentials between devices by default is what most people want, especially younger customers for whom this has always been the normal state of affairs.
What you say makes sense for new installs, although even there an explicit and optional consent screen is warranted before doing something as privacy- and security-sensitive as syncing passwords to the cloud. But it's not definitely what's wanted by most people who previously had the feature disabled before the OS update.
Actually, I figured it out, when an app I wrote, that uses the keychain, started allowing me to log into the app, using Sign in with Apple (which has some stuff that is only available when the login is set up), on devices that were not the ones that I set up.
In my case, I liked that, and so will my users.
But I do think that it could be problematic, if this means that authorities could now get ahold of your keychain, when having it restricted to a single device, avoids that.
I remember when Microsoft uploaded people’s personal wifi creds in Windows 10. It’s all highly suspect.
Stop it. This over sharing by default will doom us all.