There are a lot of very sophisticated and trustable software solutions just for consent management. If you have a business website in Europe you should use one of them.
Sorry, but reads as if you don't run a website from/in Europe. Because if you did, you would know that the GDPR is not only valid for commercial forums but also for private forums run as a hobby.
I would also have no problem buying a Xenforo Cookie Consent addon or one from a third party. But for that, Xenforo would first have to design the basics in order to cleanly record Xenforo's own and third-party cookies.
Look at Wordpress as an example, where the topic was apparently approached much more openly.
I really don't want to go all out now, although I'm not far from it. I've been a Xenforo customer from the very beginning, I've always followed the development over the years out of my own interest and I have to say that the magic that once made Xenforo 1.x a success is slowly disappearing today. Just a look at the bug tracker, but above all how bug reports are handled publicly has changed significantly. Chris D. is definitely not a bad developer, but I miss the openness and energy of Mike "The machine" Sullivan, especially in the bug tracker and in the suggestions.
It is completely clear that Xenforo cannot or does not want to respond to every request - full understanding. But cookie consent is essential for large parts of Europe if you want to operate a website, whether private or commercial. At least in Germany, the law makes hardly any differences.
In short, if it would motivate the developers more if Cookie Consent was a separate payed addon - then let them do it.
I would much prefer that to running my forums with an increased risk of warnings for more months and years.
So far we have been lucky that users rarely complain. So far, dubious law firms have complained often enough. But that can change at any time.