CMake can be used to perform a variety of actions which may need to access pretty much any part of the system, including attached devices, network communication, system libraries, etc. Anything that a compiler, toolchain, test executable, etc. might want to do is in scope, as is any project logic implemented in the CMakeLists.txt files by the project. This includes arbitrary file accesses and executing child processes (so that opens up the possibility of also running anything the user would normally be able to run outside of a snap). Classic confinement seems to be the only way to give the level of access required.
NOTE: Already discussed at the Snapcraft Summit with @daniel, who agrees that classic is appropriate here.