With servers it's expected to have someone to actually take care of them - I.e. do maintenance work like reboot once a month or use LivePatch or other measures.
Note though, snapd updates packages for you by default and was not an option to disable this as well.
2nd note - once you are talking about servers - I believe Windows Server has much fine grained control over this.
I generally had once or twice my Windows 11 Pro Insider Beta machine to reboot forcibly - usually I see notification on pending reboots and even been asked when to do it/delay. Cannot complain here.
Linux falls under the second category where they don't really care about securing their users. They think it's okay for a ton of servers of their operating system to exist with vulnerable services running. Every company has to dedicate duplicate resources into keeping servers up to date.