I don't think Apple is in the key escrow business anymore; on OS X they had such an option, to show the user the DEK and optionally store it. I don't think the DEK or KEK are backed up at all in iCloud. If you forget your password, all options I see involve device erasure.
> Apple encrypts your iCloud data in storage, but they encrypt it with their own key, not with your passcode key, which means that they are able to decrypt it to comply with government requests.
It wouldn't add security anyway. In order to encrypt data, they first need to read it unencrypted. Thus, they can't advertise iCloud as "we can't see your pictures", because they can, in theory.
You must mean something else here. Data certainly may be encrypted twice. In that case it would need to be decrypted twice in order to be useful. Perhaps you meant to say that data must be "unencrypted" in order to perform some other operation, e.g. generating thumbnails.