You're right this has nothing to do with systemd ... and it's honestly a difficult problem to solve within NM without risking a system that fails to boot at all without a network detected online.
It is worth looking into how we might improve the nm-online behaviour though.
In the meanwhile when there are services that require binding to a specific address and it's possible that address hasn't yet arrived on the system there is a better way to handle it, one which is well tested as it's frequently used with software for high availability such as keepalived ...
There is an option when creating a socket called FREEBIND which allows binding too an address not present in the system.
This is required to be set during the actual binding of the socket by the application.
For applications using a systemd socket this is as simple as setting Freebind=true in the .socket file.
For other applications there may be a configuration option or command argument to enable it. Consider filing upstream bugs where you want this possible with an application. For example haproxy has this as optional behaviour IIRC
For applications where this is not an option there is a sledgehammer approach at the kernel level to enable this behaviour on all socket binds via the sysctl