> Features like GitHub Actions, Copilot, and Codespaces also creates vendor lock-in.

It is possible to use GitHub Actions in ways that do not create vendor lock-in. (Unfortunately this is not always the case.)

> GitHub tracks user behavior through telemetry data, including all interactions on the platform

You might be able to work with using only the API, like I do (I can't log in anyways (due to forced 2FA that doesn't work), so I have to use the API). (There might still be server-side logging, but this should prevent client-side telemetry.)

> and GitHub Copilot uses the publicly available source code to train its AI

Publicly available source code is public and can already be used by anyone anyways.

> Rather than promoting quality software, it has become a matter of "stars" and "likes".

I think that you do not have to use these features; you can still host a mirror of your repository. I find the "stars" and "likes" to not be very helpful anyways. It is a problem that many people try to overemphasize these features, though.

> GitHub's decision-making processes regarding policy changes and feature implementations has no regard for users and it can change at any time

I do believe that there are significant problems with their policies, so they are right about that part.

> Consider open source self-hosting solutions

I think having multiple mirrors is more helpful, whether or not GitHub, Codeberg, etc are some of them. (You might want to mention the multiple mirrors in the README file. Some projects on GitHub already do this.)

The hashes can be used to identify git objects regardless of which mirrors are being used, and you can also have signed commits.