A website isn’t a common carrier

We were talking about network neutrality, not just common carriers (which are only part of the netneutrality problem).

you cannot argue that a website isn’t allowed to control who they serve their content to.

Permission wasn’t the argument. When a website violates netneutrality principles, it’s not a problem of acting outside of authority. They are of course permitted to push access inequality assuming we are talking about the private sector where the contract permits it.

Cloudflare is a tool websites use to exercise that right,

One man’s freedom is another man’s oppression.

necessitated by the ever rising prevalence of bots and DDoS attacks.

It is /not/ necessary to use a tool as crude and reckless as Cloudflare to defend from attacks with disregard to collateral damage. There are many tools in the toolbox for that and CF is a poor choice favored by lazy admins.

Your proposed definition of net neutrality would destroy anyone’s ability to deal with these threats.

Only if you neglect to see admins who have found better ways to counter threats that do not make the security problem someone elses.

Can you at least provide examples of legitimate users who are hindered by the use of Cloudflare?

That was enumerated in a list in the linked article you replied to.