(n=1, imho, ymmv, etc)

No, not only should Tailscale offer a point in time report (click button in GUI, scan queued and report created, report link is preserved in GUI, any user with sufficient access can retrieve the report), they should expose whatever is needed via API to make these attestations available to automated GRC evidence collection systems (Vanta and Anecdotes, for example). Think continuous compliance monitoring of the software defined network tenant/control plane, similar to what you would get out of a CNAPP but scoped for this use case and more geared towards audit and compliance.

I would be somewhat surprised if their enterprise users haven't or are not asking for this to be honest.