by ewagsjr 1709 days ago
Ya, if I interpreted this right, also really convenient that they seem to be dragging their feet on a $100,000 bounty.
1 comments

Nobody's going to pay $100,000 for a bug that lets you download someone's contact list.
How much would a bug like that be worth? I can imagine getting anyone's contact list being valuable.
Why? What would be valuable about that? Specifically, what would be valuable about getting someone's GameCenter contacts? These aren't business or family contacts. These are people the person games with. It's a privacy violating bug but not a show-stopping bug. Important but not valuable.
You're misunderstanding the vulnerability. The bug is in gamed, the Game Center daemon, but it allows access to the entire CoreDuet database, which does on-device intelligence stuff. Duet essentially logs everything you do on your phone, which means that if you look at the database it'll contain logs for all your interactions, not just those with Game Center contacts.
You are correct. I did misunderstand that portion of it, but that doesn't change the fact that Apple is willing to pay $100k for a bounty like that but no one else does, and Apple's actions don't suggest at all that they won't pay out the bounty. If you've ever been part of a program like this, on the developer side, it's possible that they discovered a larger bug that this was a part of or that someone else had already reported this bug. Tracking down the origin of this and the tickets involved takes time, and fixing the bug is always the priority. They haven't acknowledged that he's the originator of the report, so his insistence that he be credited immediately is a bit immature and premature.

There's nothing here that suggests Zerodium, or someone similar, would pay the same amount Apple is offering, and there's nothing that suggests that Apple doesn't intend to pay this or credit him. That's all complete conjecture.

I have no idea if Zerodium would pay out that much for this bug (probably not) or anyone else (maybe?) but Apple in general has a poor track record of paying out bug bounties. They do sometimes, but it seems like it is far rarer than their website says they should.