
You're right. If we define zero trust as not trusting by default the users, their devices, and the network perimeter, then yes it's compatible with TLS interception. But if the rationale is that vulnerabilities can happen anywhere, why not extend the principle of "never trust, always verify" to servers and network equipment as well, especially when they can intercept and decrypt everything?



No. We don't define "zero trust" that way. That's the opposite of what I just said. "Zero trust" is a marketing label for the ideas in Google's BeyondCorp strategy. It's not a principle that you can extrapolate from this way.


How do you define it? Is it different from what the related Wikipedia page is saying?

https://en.wikipedia.org/wiki/Zero_trust_security_model



