Why we check whether $r$ is less than subgroup order
In ECDSA, $r$ is reduced modulo the subgroup order $n$ when it is used at signature verification: sec1v2 §4.1.4 step 4 in the computation of $u_2=r\,s^{-1}\bmod n$. The check that $r<n$ thus insures that a signature can't be turned into another acceptable signature for the same message by replaving $r$ by $r+n$. In DSA signature verification, which has the same test, that test makes DSA strongly EUF-CMA (that is an adversary can't produce any new signature that passes verification). In ECDSA (which derives from DSA) the test was kept, but it's not quite enough‡ to make ECDSA sEUF-CMA because $(r,n-s)$ is a valid signature for the same message as $(r,s)$. The test $r<n$ still has a possible rationale: it insures that there is no special case in the computation $u_2=r\,s^{-1}\bmod n$. At least, that test does not harm, for the standard prescribes a reduction modulo $n$ at an earlier step in signature production: sec1v2 §4.1.3 step 3. In curve secp256k1, $p>n$, and this reduction changes $r$ for many points (yet such a tiny proportion that in practice it can't happen by chance). There even exist two points such that this reduction modulo $n$ turns the $x$ coordinate to $0$, and there's a test to catch that.
In the BIP340 variant of Schnorr signature, $r$ is the $x$ coordinate of a point on the elliptic curve, and the input of a hash (both on signature production and verification). Thus there is no reason to reduce it modulo $n$, and it's not. There is thus no reason to check that $r<n$, and with $p>n$ such test would make some signatures invalid. Instead it's only checked that $r<p$.
‡ Perhaps it's an oversight. At least that loss of a security property was not made clear when ECDSA was introduced. And it would have been quite easy to avoid that pitfall, which has been a concern in some applications including Bitcoin.
