That definitely helps, but I don't think it solves the compromised machine scenario.
If the attacker has shell access to the dev's laptop, they are likely just running commands directly from that machine (or proxying through it). So to GitHub, the traffic still looks like it's coming from the allowed IP.
Allowlists are mostly for stopping usage of a token that got stolen and taken off-device.
