You could get an android tablet that can run LineageOS and install that on there without GApps/microg, so without any Google services. That way you can have a Google free tablet that’s also properly optimized for a touch workflow.
If you still want a tablet with a proper GNU/Linux distro you basically have two choices I know of right now:
One is the Pinetab 2, it’s not too expensive, but the hardware is a bit limited, both in terms of processing power and display. Software support can also be spotty.
The other would be buying a x86 tablet and installing a regular Linux distro on there. I personally had some luck with the Microsoft Surface tablets, but you can get cheaper ones too. Just check on whether Linux will properly run on it beforehand, especially the cheaper Chinese ones based on Atoms often have driver issues or don’t even boot Linux at all (my biggest enemy on cheap devices: 32bit UEFI with 64bit OS. It’s nearly impossible to boot Linux on those).
There’s also the Librem 11 but in my opinion it’s overpriced for the hardware
Yeah, if the attacker is in a position to do a MitM attack you have much larger problems than a ssh vulnerability that so far can at most downgrade the encryption of your connection in nearly all cases