The public justification is to improve user privacy. Apple has indicated that they want to crack down on an entire 'dirty data industry' that looks to track and target users for paid advertising purposes without OS-level consent.
Since the IDFA was a resettable ID that all apps could read and recognize, it could be used as a central key to compile user profiles associated with other, potentially more personally identifying data. Apple might believe that since they created and supported the IDFA, they were partially responsible for enabling unscrupulous companies to do this.
By blocking access to this ID, and enforcing policy guidelines to prevent any technically-equivalent alternatives, Apple can wipe its hands clean and move on, while also getting great press coverage for protecting user privacy — use of the device-level matching for responsible marketing (including the mobile attribution industry) is simply collateral damage.
Updated almost 2 years ago