Interesting points, thanks. I did not know that there was some limitation as to the number of users that you could have within an encrypted group. This makes me think that the implementation that Matrix itself is using is wrong because typically what you want to do is make a single key for the room, and then just encrypt that key, which is itself a private key that gives you access, against all of the users that have access. This way you only have to actually encrypt the messages once, the same as in a small group.
Some systems do rotation as well, for example when users are leaving and joining it might rotate the key either every time that happens or every 10 minutes, whichever takes longer.