
One possible problem is when devices start to use their own hardcoded DoH resolver. Today, Chromecast devices use their own resolver (still standard DNS); tomorrow, they might use a DoH resolver. Worse, think about apps starting to do that on your mobile phone...

Now, you need MITM on your home network or you block everything to google.dns:443... but what if they rotate their DoH resolvers?



MitM won't help, eventually. They'll start pinning certificates.

The DNS content filtering ship has sailed. It was nice while it lasted.


Ah, yes, didn't think of that. Though, I'm not sure if it's a problem.

DNS by nature must be static. Unless something changes, you certainly can block DNS addresses, and you can block them indiscriminately on all ports. I don't care what port or protocol is used if my non-trusted devices contact 8.8.8.8 on any port.

If you rotate your resolvers, you'll have to push out a software update to update the DNS servers, which takes time and money.
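One way to apply the "block the resolver IP on every port" rule described above, as an added example rather than anything from the thread: a Python script that flags flows from an untrusted subnet to well-known public resolver addresses regardless of port, and emits an equivalent nftables ruleset with logging. The subnet and the flow records are constructed; 8.8.4.4, 1.1.1.1 and 1.0.0.1 are the Google and Cloudflare public resolvers added alongside the 8.8.8.8 named in the comment.

```python
"""Flag traffic from untrusted LAN hosts to known public resolver IPs, on any port."""
import re
from ipaddress import ip_address, ip_network

# Well-known public resolver addresses (Google, Cloudflare). Fixed IPs are
# what makes this policy work; a rotating resolver would defeat it.
PUBLIC_RESOLVERS = {"8.8.8.8", "8.8.4.4", "1.1.1.1", "1.0.0.1"}
# Constructed: the subnet where untrusted devices (smart TVs, dongles) live.
UNTRUSTED_NET = ip_network("192.168.50.0/24")

# Constructed conntrack-style flow records, not taken from any real network.
# Includes plain DNS (53), DoT (853) and DoH-looking traffic (443) to resolvers,
# one flow from a trusted host, and one ordinary HTTPS flow to a non-resolver.
SAMPLE_FLOWS = """\
proto=udp src=192.168.50.12 dst=8.8.8.8 dport=53
proto=tcp src=192.168.50.12 dst=8.8.8.8 dport=443
proto=tcp src=192.168.50.30 dst=1.1.1.1 dport=853
proto=tcp src=192.168.10.5 dst=8.8.8.8 dport=443
proto=tcp src=192.168.50.12 dst=93.184.216.34 dport=443
"""

FLOW_RE = re.compile(r"proto=(\w+) src=(\S+) dst=(\S+) dport=(\d+)")


def parse_flow(line):
    """Parse one flow record; return None for lines that do not match."""
    m = FLOW_RE.match(line)
    if not m:
        return None
    proto, src, dst, dport = m.groups()
    return {"proto": proto, "src": ip_address(src), "dst": ip_address(dst), "dport": int(dport)}


def should_block(flow):
    """The comment's policy: untrusted devices may not reach a public resolver on any port."""
    return flow["src"] in UNTRUSTED_NET and str(flow["dst"]) in PUBLIC_RESOLVERS


def find_violations(text):
    """Return (src, dst, proto, dport) for every flow the policy would drop."""
    out = []
    for line in text.splitlines():
        f = parse_flow(line)
        if f and should_block(f):
            out.append((str(f["src"]), str(f["dst"]), f["proto"], f["dport"]))
    return out


def nft_rules(resolvers=PUBLIC_RESOLVERS, net=UNTRUSTED_NET):
    """Emit an nftables table implementing the same policy, logging before dropping."""
    addrs = ", ".join(sorted(resolvers, key=ip_address))
    return "\n".join([
        "table inet dnsguard {",
        f"  set public_resolvers {{ type ipv4_addr; elements = {{ {addrs} }} }}",
        "  chain forward { type filter hook forward priority 0; policy accept;",
        f'    ip saddr {net} ip daddr @public_resolvers log prefix "dns-bypass " drop',
        "  }",
        "}",
    ])
```

Running `find_violations(SAMPLE_FLOWS)` flags the three untrusted-subnet flows to resolvers (ports 53, 443 and 853 alike) and leaves the trusted host and the non-resolver destination alone.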


As you said, companies are already doing this without DoH, so really DoH neither solves this issue nor creates it. It is an issue that will exist no matter what underlying protocol is used for DNS (raw UDP/TCP, DoT, DoH, etc.).



