The opposite: it's mandated that you not do data collection and tracking for reasons except those essential for the company to provide the product or service, absent informed consent. (And this is purely for tracking: cookies used for maintaining preferences or other state are fine.)
The banners are a fig leaf for behavior that violates the spirit of the GDPR, creating an aggravation where the simplest way to dismiss them is by agreeing.
Any site that doesn't offer a button to reject the tracking (with no more stops than angreeing) and still function as expected without the tracking, is in violation of the law.
Only if you use cookies; I think not everyone will need to use cookies. I think if you use cookies to login, then only the login form should hopefully need to mention the cookies. (However, there are better ways to do user authentication, such as basic HTTP auth or X.509 auth; neither of which requires cookies.)
The banner is required every time there is processing of personal data where consent of required, whether that processing happened thanks to cookies or thanks to any other technical means (1px gifs, JavaScript fingerprinting, etc)
Most websites do not need to process personal data (typically for analytics reasons); it's perfectly fine to run without that and only use personal data for transactional reasons, which AIUI doesn't require that sort of consent.
You don't need a cookie consent banner for strictly necessary cookies, such as those used for user authentication. You don't see any cookie banners on HN for example. Cookie banners are only needed for sites that track their users.
