The point is you (and me) did not read the document properly;
In your quoted part they consider attacking Schnorr signature variant, To simplify I will use a shorter notation as $H(m)$
Yes, they consider the collision for the attack. If there is a signature $sign(prv,H(m))$ and you want to forge you need the pre-image attacks on the hash function $H$ so that you can claim that $m'$ is was the intended message.
In the quoted part of the Bip340 document, this is the case. You want your co-signer to sign a message that they normally don't want to sign. So you find some collision pairs $m_i \neq m'_i$ such that $H(m_i) = H(m'_i)$ with additional property; your cosigner will sign for $m_i$ but not for $m'_i$ for which the second one is on your benefit but not their. They will not be suspicious of $m_i$ to sign and they will sign and you will use the $m'_i$ as the signed message to gain an advantage against your co-signer.
later they wrote as;
Since we would like to avoid the fragility that comes with short hashes, the $e$ variant does not provide significant advantages. We choose the $R$-option, which supports batch verification.
If you commit $m$ before signature, then neither collision nor pre-images will work. Let see;
In this case, the malicious co-signer need to attack the $commit$ to find another second message $m'$ such $H(m) = H(m')$, i.e. execute a second pre-image attack and this will hold for $\text{hash}(R || P || m) = \text{hash}(R || P || m')$, too. Quite not possible.