
Those organizations are claiming they rely on zero-trust principles, and yet they fully trust a proxy placed between their users and the Internet, able to replace all the TLS certificates of the origin servers with its own certificates, in order to be able to decrypt all the traffic. How can these organizations claim with a straight face they implement a zero-trust architecture and do the exact opposite?



"Zero trust" is a term of art. You can't reason about it by appeals to the dictionary. It means a very specific set of things, and it is compatible with TLS interception, gross as that may be.


You're right. If we define zero trust as not trusting by default the users, their devices, and the network perimeter, then yes, it's compatible with TLS interception. But if the rationale is that vulnerabilities can happen anywhere, why not extend the principle of "never trust, always verify" to servers and network equipment as well, especially when they can intercept and decrypt everything?


No. We don't define "zero trust" that way. That's the opposite of what I just said. "Zero trust" is a marketing label for the ideas in Google's BeyondCorp strategy. It's not a principle that you can extrapolate from this way.


How do you define it? Is it different from what the related Wikipedia page is saying?

https://en.wikipedia.org/wiki/Zero_trust_security_model





