Would it really make a difference if they just added a CNAME from foobar.github.com to point at github.github.io?
Yes, that would help, but it's not very discoverable.
I think a certificate mechanism would be much more appropriate for that.
The SSL certificate should be emitted for github.com and github.io
Of course since github.io is rented out, it doesn't make sense. But if you ever have an alias, that's the way to do it, if I get a link to getproduct.com and it gets redirected to product.com I can check the cert and see that it was issued for both domains.
Yes, that would help, but it's not very discoverable.
I think a certificate mechanism would be much more appropriate for that.
The SSL certificate should be emitted for github.com and github.io
Of course since github.io is rented out, it doesn't make sense. But if you ever have an alias, that's the way to do it, if I get a link to getproduct.com and it gets redirected to product.com I can check the cert and see that it was issued for both domains.