In this scenario, option #2 would be better: create a new "tier", similar to a network services VPC design. There is no need to add multiple sets of interface endpoints.
In regard to the potential future state, you may want to consider an actual network services VPC, depending on the number of VPCs and VPC endpoints you need. It is simple enough to change down the road if you end up needing a network services VPC to host the VPC endpoints, though, so I would not start out with that design.
Refer to "Centralized access to VPC private endpoints" in the whitepaper.
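To make the centralized pattern the answer refers to concrete, here is an added Terraform example (not code from the re:Post answer or from the AWS whitepaper). It assumes a hub "network services" VPC (`aws_vpc.hub`, private subnets `aws_subnet.hub_private`), one spoke VPC (`aws_vpc.spoke`) that already has a route to the hub over VPC peering or Transit Gateway, and Amazon SQS in `us-east-1`; all of those resource names and the region are assumptions. The point it shows is why a single endpoint in the hub can serve every spoke: private DNS on the endpoint is left off, and a Route 53 private hosted zone for the service name is associated with both VPCs so spoke clients resolve the normal SQS hostname to the hub endpoint's ENIs.

```hcl
# Added example, not from the original answer. Assumed: aws_vpc.hub,
# aws_subnet.hub_private, aws_vpc.spoke already exist and are connected.
variable "region" {
  default = "us-east-1"
}

# Security group on the endpoint ENIs: allow HTTPS only from the spoke CIDR,
# so the shared endpoint is not reachable from anything else in the hub.
resource "aws_security_group" "sqs_endpoint" {
  vpc_id = aws_vpc.hub.id
  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = [aws_vpc.spoke.cidr_block]
  }
}

# One SQS interface endpoint in the hub VPC. private_dns_enabled is false
# because the AWS-managed private zone would only attach to the hub VPC;
# the spokes get their name resolution from the zone below instead.
resource "aws_vpc_endpoint" "sqs_hub" {
  vpc_id              = aws_vpc.hub.id
  service_name        = "com.amazonaws.${var.region}.sqs"
  vpc_endpoint_type   = "Interface"
  subnet_ids          = aws_subnet.hub_private[*].id
  security_group_ids  = [aws_security_group.sqs_endpoint.id]
  private_dns_enabled = false
}

# Private hosted zone for the service's regional hostname, associated with
# every VPC that should reach SQS through the hub (hub and spoke here).
resource "aws_route53_zone" "sqs_private" {
  name = "sqs.${var.region}.amazonaws.com"
  vpc {
    vpc_id = aws_vpc.hub.id
  }
  vpc {
    vpc_id = aws_vpc.spoke.id
  }
}

# Alias the zone apex to the endpoint's regional DNS name. dns_entry[0] is
# the regional entry of an interface endpoint; the AZ-specific names follow.
resource "aws_route53_record" "sqs_alias" {
  zone_id = aws_route53_zone.sqs_private.zone_id
  name    = "sqs.${var.region}.amazonaws.com"
  type    = "A"
  alias {
    name                   = aws_vpc_endpoint.sqs_hub.dns_entry[0].dns_name
    zone_id                = aws_vpc_endpoint.sqs_hub.dns_entry[0].hosted_zone_id
    evaluate_target_health = false
  }
}
```

Two checks worth doing after apply: from a spoke instance, `dig sqs.us-east-1.amazonaws.com` should return the hub endpoint's private IPs rather than public ones, and the SDK call should succeed without a NAT route. If the spoke VPC lives in another account, the zone association additionally needs an `aws_route53_vpc_association_authorization` from the zone owner before the spoke account can associate, and the endpoint policy on `aws_vpc_endpoint` is where you restrict which principals and queues may be reached through the shared endpoint.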