The reason why it's done is because it's AWS best practice to enable logging on all S3 buckets. However, the logging bucket is, and should be, the one exception to that rule for the reasons you've pointed out. It therefore means that a customer should implement other controls to ensure that undesired access or actions cannot be taken against the logging bucket as no actions will be recorded.
At this time, it's a configuration that customers can remove but AWS implements to provide a "secure by default" configuration, even if it may cause an undesired circular pattern which has a detrimental effect on customers. There is a mechanism by which you can request this be updated and addressed by working with your account manager or through a support ticket.
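The circular pattern discussed in this answer can be found by auditing logging targets. This is an added example, not part of the answer and not AWS code: it classifies buckets from responses in the shape boto3's `get_bucket_logging` returns, and it generalizes from the single self-logging bucket to longer loops. The bucket names and the sample data are constructed.

```python
# Added example: audit S3 server access logging targets for circular patterns.
# Input maps bucket name -> GetBucketLogging response body (boto3 shape).
# All bucket names below are constructed sample data.

def logging_target(response):
    """Return TargetBucket from a GetBucketLogging response, or None if disabled."""
    return (response.get("LoggingEnabled") or {}).get("TargetBucket")

def audit_logging(configs):
    """Classify each bucket as self-loop, cycle, unlogged-sink, unlogged or ok."""
    targets = {name: logging_target(resp) for name, resp in configs.items()}
    sinks = {t for t in targets.values() if t}  # buckets that receive logs
    findings = {}
    for name, target in targets.items():
        if target is None:
            # A log destination with no logging of its own is the expected
            # exception; it needs other controls because nothing records access.
            findings[name] = "unlogged-sink" if name in sinks else "unlogged"
        elif target == name:
            findings[name] = "self-loop"  # bucket writes access logs into itself
        else:
            # Follow the chain of targets; returning to the start means a loop.
            seen, cur = {name}, target
            while cur is not None and cur not in seen:
                seen.add(cur)
                cur = targets.get(cur)
            findings[name] = "cycle" if cur == name else "ok"
    return findings

SAMPLE = {  # constructed responses, ResponseMetadata omitted
    "app-data": {"LoggingEnabled": {"TargetBucket": "access-logs", "TargetPrefix": "app/"}},
    "access-logs": {"LoggingEnabled": {"TargetBucket": "access-logs", "TargetPrefix": "self/"}},
    "logs-a": {"LoggingEnabled": {"TargetBucket": "logs-b", "TargetPrefix": ""}},
    "logs-b": {"LoggingEnabled": {"TargetBucket": "logs-a", "TargetPrefix": ""}},
    "archive-data": {"LoggingEnabled": {"TargetBucket": "archive-logs", "TargetPrefix": "d/"}},
    "archive-logs": {},  # logging disabled: no LoggingEnabled key
    "scratch": {},
}

if __name__ == "__main__":
    for bucket, status in sorted(audit_logging(SAMPLE).items()):
        print(f"{bucket:14} {status}")
```

Buckets reported as `unlogged-sink` are the ones to cover with other controls, since access to them is not recorded.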