Please bear in mind that whatever you are trying to use is dependent on mutual support on the server/authenticator and client sides. This is not always trivial to achieve.
Why do I need to trust the server’s certificate if I have the root CA’s certificate installed?
This behaviour is entirely dependent on the client's implementation (the supplicant). Yes, having the server cert signed by the CA should be seen as significant proof of trust, provided it's not expired or revoked (if the client checks).
On a Windows workstation, for example, you can either trust CAs specifically or let the user review and accept the server-side certificate at the first connection. But if the server-side cert is signed by one of the selected CAs, the user doesn't get a dialog about the cert.
AFAIK the whole point of certificate-based authentication is to prevent MiTM attacks that other methods are vulnerable to.
Conceptually, it is instead about mutual authentication, and providing solid proof to the client that the server is being spoofed. It is up to the client to decide what to do with that information. Hopefully and usually it drops the connection. If not, it's as much at risk of MiTM as if it didn't use cert-based authentication.
There is a username option when selecting the network on the iPhone, which does get matched against a backend SQL database by the FreeRADIUS server; regardless of whether that username exists, the server accepts the authentication. This page notes that the username is used in inner and outer authentication, but to me that doesn't seem to make sense, as there is no inner and outer identity in EAP-TLS.
Conceptually you could have another EAP authentication dialog within the EAP-TLS channel once that is established. For example EAP-TTLS is often used to protect less secure authentication protocols like PAP. So this is left as an option for the server and client implementations to negotiate through the existing supported protocols and/or custom implementations.
This could also be used for a kind of multi-factor authentication whereby a station and a user authenticate separately, so that the admin can revoke access to the device or the user independently.
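As an added example (not part of the original post or of any project's own configuration), here is how the supplicant-side behaviour discussed above looks in wpa_supplicant: a pinned CA plus server name match for EAP-TLS, an EAP-TTLS network with PAP inside the tunnel that shows the separate outer and inner identities, and the weak variant with no CA configured. SSIDs, file paths, user names, passwords and the RADIUS server name are assumptions.

```conf
# Added example, not from the original post. Paths, SSIDs, user names,
# passwords and the RADIUS server name are assumptions.

# 1) EAP-TLS: CA pinned + server name check. ca_cert together with
#    domain_suffix_match is what makes the supplicant actually verify
#    the server certificate against a specific CA and a specific name,
#    rather than trusting anything signed by any installed CA.
network={
    ssid="corp-tls"
    key_mgmt=WPA-EAP
    eap=TLS
    identity="host/laptop01.example.com"
    ca_cert="/etc/wpa_supplicant/corp-radius-ca.pem"
    client_cert="/etc/wpa_supplicant/laptop01.pem"
    private_key="/etc/wpa_supplicant/laptop01.key"
    private_key_passwd="changeme"
    domain_suffix_match="radius.example.com"
}

# 2) EAP-TTLS with PAP inside the TLS tunnel: the outer identity
#    (anonymous_identity, sent in the clear) and the inner identity
#    (identity, sent only inside the tunnel) are distinct here,
#    unlike EAP-TLS, which has a single identity.
network={
    ssid="corp-ttls"
    key_mgmt=WPA-EAP
    eap=TTLS
    anonymous_identity="anonymous@example.com"
    identity="alice@example.com"
    password="correct horse battery staple"
    phase2="auth=PAP"
    ca_cert="/etc/wpa_supplicant/corp-radius-ca.pem"
    domain_suffix_match="radius.example.com"
}

# 3) Weak variant for contrast, kept commented out. With no ca_cert,
#    wpa_supplicant does not verify the server certificate at all (it
#    only logs a warning), so a rogue AP with its own RADIUS server
#    can terminate the tunnel and collect the PAP credentials. This is
#    the "if the client checks" case from the answer above.
# network={
#     ssid="corp-ttls"
#     key_mgmt=WPA-EAP
#     eap=TTLS
#     identity="alice@example.com"
#     password="correct horse battery staple"
#     phase2="auth=PAP"
# }
```

The check worth doing on any supplicant, not just this one, is the same in both good blocks: a specific trusted CA and a server name (or subject/altsubject) match, so that a certificate that merely chains to some installed root is not enough to impersonate the RADIUS server.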