Good pickup, as an unofficial interim solution (Use at your own risk, don't blame me if server burns down or if an update removes it)! Don't see any good reason it should be potentially indexed and visible on google.
To block all crawlers for the control panel portal, run the following command on the controller server
echo -e "User-agent: *\nDisallow: /" > /var/www/control-panel/ui/robots.txt
You should then be able to see this file
https://[controller.url]/robots.txt
Interestingly the same open behavior is exhibited for Roundcube, which on cPanel is disallowed. phpMyAdmin thankfully has a robots.txt set for enhance.
The following can be used to disallow crawler access to roundcube and be run on the mail server, controller server and application server
find /var/www/ -maxdepth 4 -type f -name "index.php" -exec sh -c 'grep -q "Roundcube Webmail IMAP Client" "{}" && echo "User-agent: *\nDisallow: /" > "$(dirname "{}")/robots.txt" && echo "robots.txt created for $(dirname "{}")"' \;
To Verify things worked, you can use a testing tool such as:
https://logeix.com/tools/robots-txt
+1 on Enhance making this the default behavior
