The design is generally for ease of configuration in most use cases. Usually only one authentication module is used aside from the basic the last option. In those cases the $authen{user_module} should not be set at all in localOverrides.conf, and the default values in the included authentication module should be used and are set up to cover most use cases with those modules.
Things are more complicated when multiple optional authentication modules are used. For example, if LTI authentication is used in combination with LDAP, Saml2, or Shibboleth. In those cases you usually need to use the setting in localOverrides.conf, and not the settings in the optional module conf files.
So in short, the organization is so that most of the time system administrators don't even need to edit the $authen{user_module} variable.