you would think that their time would just be correct...we're having this issue too

With how things have been changing with NIST, I could see apple blocking this. One of the NIST guidelines is to ensure time is set securely for SIEM logging. Allowing users to change time at their own discretion breaks timelines on event logging.

lol gold. I've just confirmed this works on 14.4, specifically this line;
security authorizationdb write system.preferences.datetime allow

I couldn't find a key that exists (anymore?) for: system.preferences.dateandtime.changetimezone
Good reference https://www.dssw.co.uk/reference/authorization-rights/system-preferences-datetime

Your last command uses a rule that requires auth of either standard or admin user eg. authenticate-session-owner-or-admin which contradicts the previous allow line? i think.

Anyway, see if this works the way you intended, all ok in my environment with the example lines below;
security authorizationdb write system.preferences allow
security authorizationdb write system.preferences.datetime allow
security authorizationdb write system.preferences.printing allow

i think it may be the CIS Level 1 blocking this 

This didn’t work!?

security authorizationdb write system.preferences allow 
security authorizationdb write system.preferences.datetime allow 
security authorizationdb write system.preferences.dateandtime.changetimezone allow 
security authorizationdb write system.preferences.datetime authenticate-session-owner-or-admin 
security authorizationdb write system.settings.datetime allow