The practical way this seems to be implemented is that sites report the bulk of cookies and default to off to comply with GDPR, then list a subset of cookies as legitimate interest-based and default those to on with an ambiguous "object" setting.
Guessing the idea behind it is legal advice that legitimate interest swaps from one ruleset to another, but like the previous poster said I'm not sure how well any of this is tested.