You are completely missing the point. The answer to a privacy and security question shouldn't be, "it is easy for us to do things this way." You are inadvertently making the point that you are arguing against.

Going back to your original point, what makes you think checking for CP in images uploaded to iCloud is more private or secure when Apple's servers analyse the entire image, rather than having the client generate a hash of the image and having Apple's servers analyse that instead?

I work in data engineering and I can tell you what I'd rather do. Having Apple's servers check hashes rather than the entire image means you can segregate the original images from the CP-checker data processing pipelines. That's a much simpler and more secure security scenario.