We need to be careful about making CA AG connect to 200 Apps. Consider that even if each app has 2 servers for purposes of resilience, it becomes 200 * 2 = 400 backend servers. It will be more than that in reality. Hence the first thing to consider is performance if that happens.
So consider what end goal CA AG is going to serve. Is it going to act as an Authentication end point (SAML / AuthAzWS / OIDC), or would it serve as a Proxy Gateway as well? When acting purely as an Authentication end point, there are no proxy functions. I am more comfortable using the CA AG as an Authentication end point, rather than a gateway / proxy for the entire enterprise. But if we have to design it as a gateway / proxy for the entire enterprise, we need to make sure it is a highly scaled / beefed up CA AG infrastructure.