As you say, both have merits, and it really does depend to a large extent on how many servers are on the DMZ and how many public IPs.
Unless you have provider-independent public IP addressing, all other things being equal I would go for NAT, unless you have any applications that you know will not work with NAT.
I don't think NAT should be viewed as a security function but rather it gives you more flexibility in how you deploy devices. I don't think conflicts with other branches should be an issue, because if worse comes to worse you can NAT before IPsec.
NAT can be a pain to configure in some cases but, as you say, nowhere near as big a pain as readdressing all your DMZ servers.