This is not in conflict: clientAuth is permitted by CA/BF rules. But there's no rule that they must be present, and many CAs already issue certificates without clientAuth.
Some CAs may wish to be validated under CA/BF rules and issue client certs. Those roots will not be included in Chrome. Chrome's root program is only for their browser which doesn't use client certs, so it doesn't matter. Chrome gets to choose what roots they include in their browser.
CAs could choose to have another root which issues clientAuth and serverAuth together. That root could still be audited under CA/BR rules, and could be included in root programs which aren't chrome. For S2S use-cases, it doesn't matter if they're included in Chrome.
Let's Encrypt has chosen to not maintain a separate hierarchy, for all the reasons previously outlined.