
GitHub Pages blog and Google Search Console: Is it safe to follow these steps for a public repo?


The Google Search Console offers a couple methods for claiming ownership of a site. The recommended one is to download an HTML verification file and upload it to your site. An alternative method is to add a meta tag to your HTML that has a certain unique code as its content attribute.

Here's my question: If my site is hosted as a public repo on GitHub Pages, is it safe for me to upload said file or to include said meta tag in my HTML if other people can view those? Is there any way for someone to later use those files maliciously to gain access to my Google Search Console account and/or any privileged site traffic/analytics information?


Solution

  • It is totally safe to publish that file. Actually, everyone publishes it if they do upload it to their server or add it to the meta.

    Anyone can access the file by appending the name of it to the URL of any verified Google Search Console site. It's even easier if they put it in the meta of a site, since you can always look at the source code. The token that you get from Google is totally random and unique. Google just wants to check that you have access to the file system of a server. If somebody else uploads it to their website, you could also prove that their website is yours. The token alone can't authenticate on anything.


    The best proof would be that YouTube also published its token. If you do a TXT lookup for youtube.com you get this result:

    TXT | youtube.com | google-site-verification=OQz60vR-YapmaVrafWCALpPyA8eKJKssRhfIrzM-DJI
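
Since the token only proves control of the site it is published on, the thing worth checking in a public repo is that every published token is one you recognise. The following is an added example, not part of the original answer: it extracts verification tokens from page HTML and from TXT record strings and reports any that are not on an allowlist. The function names, the sample HTML, the sample records and the token values are all constructed for illustration.

```python
from html.parser import HTMLParser

META_NAME = "google-site-verification"
TXT_PREFIX = "google-site-verification="


class _MetaTokens(HTMLParser):
    """Collects the content of every <meta name="google-site-verification">."""

    def __init__(self):
        super().__init__()
        self.tokens = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names, but not values.
        a = dict(attrs)
        if tag == "meta" and (a.get("name") or "").lower() == META_NAME:
            if a.get("content"):
                self.tokens.append(a["content"].strip())


def tokens_from_html(html):
    parser = _MetaTokens()
    parser.feed(html)
    return parser.tokens


def tokens_from_txt(records):
    """records: TXT strings as a DNS lookup tool prints them (quotes allowed)."""
    cleaned = (r.strip().strip('"') for r in records)
    return [r[len(TXT_PREFIX):] for r in cleaned if r.startswith(TXT_PREFIX)]


def unexpected_tokens(html, txt_records, expected):
    """Published tokens that are not in the allowlist of tokens you issued."""
    found = set(tokens_from_html(html)) | set(tokens_from_txt(txt_records))
    return sorted(found - set(expected))


# Constructed sample data (hypothetical tokens, not real ones).
SAMPLE_HTML = """<html><head>
<meta name="google-site-verification" content="CONSTRUCTED-TOKEN-MINE">
<META NAME="Google-Site-Verification" CONTENT="CONSTRUCTED-TOKEN-UNKNOWN" />
</head><body></body></html>"""
SAMPLE_TXT = ['"v=spf1 -all"', '"google-site-verification=CONSTRUCTED-TOKEN-MINE"']

if __name__ == "__main__":
    print(unexpected_tokens(SAMPLE_HTML, SAMPLE_TXT, {"CONSTRUCTED-TOKEN-MINE"}))
```

A non-empty result means the site is publishing a token nobody on the allowlist issued, which is worth tracing back to the commit or DNS change that added it.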