Thanks for providing the information.
The issue is not related to the server certificate SNI. It's related to exposing a few other sensitive data points such as the domain which is clearly exposed in the CONNECT header. This would be exposed regardless of TLS 1.3. Also, there are other headers that are sensitive and outside the encrypted payload including User-Agent and Proxy-Authorization. The Proxy-Authorization is of concern here. Most modern browsers now support PAC with HTTPS versus PROXY.
The Proxy-Authorization can carry the Basic Auth (and NTLM) credentials which is of concern currently since all users are mobile.
Being proactive before this become a problem at causes unnecessary exposure. Zoom had a lot of issues and wouldn't want this to affect squid or squid users.