But the point of CDNs is to direct connections to a geographically-near IP, yes?
That’s generally right enough: the goal of a CDN is to deliver content from a server as close to the consumer as possible (ideally on their ISP network, using cache servers to avoid going out over the “wider internet”). However, CDN networks typically also use Anycast IP addresses, which means that all of the CDN servers across their network use the same pool of IP addresses, and BGP / the routing table dictate what actual physical server you get routed to. This is typically the ideal closest server; however, sometimes you want certain IP pools in certain regions for legal (China) or technical reasons, so the IP address returned by a given A/AAAA lookup for a CDN isn’t a given.
There’s also ECN and other optimizations CDNs can do on the lookup side, but that’s outside of the scope here.
The domain name that any CDN webserver in different regions will get in the HTTP request headers is going to be the same, CNAME or no.
Yeah, so the CNAME just says “whatever A/AAAA address that resolves to” and the HTTP client will send whatever HOST it thinks it’s connecting to, meaning you can’t “mask” the actual domain you’re using by using a CNAME record.
Technically if you have a totally static IP serving a single site, it’s possible to ignore the HOST field and always serve that site, since logically, any request is only meant for that given site (this is basically the default site on something like Apache).
My main point is that there’s really no getting around that Cloudflare requires you to be locked in to their platform even if you just wanna serve R2 files from a subdomain, and I personally find that a bit spooky. Migrating nameservers can have very long propagation times, leaving your site unreachable if they decide they don’t want you as a customer anymore, or as a shakedown.
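The Host-header behaviour described in the post above, as an added example that is not part of the original post: a local name-based virtual host shows that the server only ever sees the name the client put in Host, never the CNAME target, and that a name it does not know falls through to a default site. The hostnames and the X-Seen-Host response header are constructed for this demo.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed names: the visitor types files.example.org, whose DNS record is
# a CNAME to bucket.cdn.example.net, which in turn resolves to the edge IP.
VISITOR_NAME = "files.example.org"
CNAME_TARGET = "bucket.cdn.example.net"
SITES = {VISITOR_NAME: b"files site"}   # names this edge is configured for
DEFAULT_SITE = b"default site"          # served when Host matches nothing

class VhostHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        # Name-based virtual hosting: the only name the server ever sees is
        # the Host header; DNS record types never reach it.
        host = (self.headers.get("Host") or "").split(":")[0].lower()
        body = SITES.get(host, DEFAULT_SITE)
        self.send_response(200)
        self.send_header("X-Seen-Host", host)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo quiet
        pass

def fetch(port, host_header):
    """Connect to the already-resolved address and send the given Host."""
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    conn.request("GET", "/", headers={"Host": host_header})
    resp = conn.getresponse()
    result = (resp.getheader("X-Seen-Host"), resp.read())
    conn.close()
    return result

def run_demo():
    server = HTTPServer(("127.0.0.1", 0), VhostHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    port = server.server_address[1]
    try:
        # First request: what a browser sends. Second: a name this edge lacks.
        return fetch(port, VISITOR_NAME), fetch(port, CNAME_TARGET)
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    print(run_demo())
```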