Lets be honest, no company would allow, let alone offer, tours if it had any risk of leaving a bad impression to potential customer.
It is not so much a bad impression or good impression it is an accurate impression. Obviously they are going to spin things positively. But it is not to their advantage for the customer to not know the upsides and downsides. They don't want to sell services they can't provide. So for example if the data center offers 24/7 smart hands they will present that. If they offer 8/5 smart hands they aren't going to claim 24/7. If they have 2 week's of oil on hand they will want to present that if they only have 4 days they aren't going to claim 2 weeks.
No company in the world would allow a client to perform such audits
Not true. Remember that quite often the IaaS provider and the underlying colo are separate. So for example if AWS is hosting out of location X, the colo company for X (say QTS for example) is going to be audited by Amazon. QTS might very well show you the result of the Amazon audit. Even better is if a bank colos there.
. Whether the provider plays (willingly or not) hand it hand with intelligence agencies is yet another question... You obviously still like bedtime stories. In the meanwhile, I'll leave my sensitive data off the hands of cloud.
Assume the answer is any colo provider you to to will work with USA intelligence agencies. But so will your technical staff. Nothing you do will stop domestic intelligence agencies. As for foreign though, the IaaS companies often offer far better security than your company could ever afford.
But intelligence agencies aren't the real threat. Your facility is likely vastly less secure than the worst of the commercial colos, you are making it much easier to get spied on by thieves.
You don't get audited by anyone serious.