This is really interesting. I'm generally wary of adding encryption into a protocol at this level, instead preferring it at the transport layer, for example by providing an HTTP Authorization header. But you've made some interesting arguments about being able to reuse the existing WebSub mechanisms that are worth exploring more.
I think my main concern, which you sort of hinted at, is that the feed will essentially leak info about how many followers someone has, as well as this potentially including a _lot_ of data as someone's followers grow to the hundreds.
Have you seen the work going on around making IndieAuth work in a server-to-server environment without user interaction? The idea with that is to let a feed reader fetch a private feed on behalf of a user. https://indieweb.org/AutoAuth