No bug in NC.
Apple (both macOS and iOS) need the principal URL.
Other clients need the address book url.
also see https://docs.nextcloud.com/server/11/user_manual/pim/sync_osx.html 
Would it be possible to simplify enrollment by performing server-side checks to determine client platform and redirect accordingly?
No, because macOS Contacts will also access https://FQDN/remote.php/dav/addressbooks/users/USER@TLD.COM/contacts/. And generally returning different results for different user agents is a very ugly hack.