I think github.io is explicitly registered as a shared second level domain (similar to co.uk), which also ensures browsers don't allow cookies spanning multiple subdomains.
There are two halves to the list. The first ("ICANN") half are suffixes that work like a TLD from the perspective of the DNS registry. Nominet handles registration in .co.uk or .org.uk or .net.uk the same way another country might choose to handle their whole TLD.
The rest is names whose registered owners do the same thing as a registry for the public or some subset of them, like Blogger or a cheap bulk hosting site where you don't pay for a name.
PSL listing has a variety of effects. Don't do it hoping to achieve one of them and then be disappointed by the others. Do it because you have a real public suffix.
For example, many browsers won't let cookies escape a suffix, so companyA.some.example and companyB.some.example can't share cookies if some.example is on the PSL. Let's Encrypt name quotas care about the PSL so companyA.some.example certs wouldn't share quota with companyB.some.example. DMARC won't work on a public suffix, but HSTS preloading does.
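The cookie and quota effects described in the comment above, as an added example that is not part of the original thread: a minimal matcher for PSL rule syntax (longest match, `*` wildcard, `!` exception) run over a constructed rule set. The `some.example` and `wild.example` entries are hypothetical, and the cookie check is a simplified model of the browser rule, not any browser's code.

```python
# Constructed rule set in Public Suffix List syntax. The some.example and
# wild.example entries are hypothetical; they are not taken from the real list.
RULES = """
uk
co.uk
some.example
*.wild.example
!www.wild.example
""".split()

def public_suffix(host, rules=RULES):
    """Longest matching rule wins; '*' matches exactly one label; a '!'
    exception rule overrides and drops its own leftmost label."""
    labels = host.lower().rstrip(".").split(".")
    best = labels[-1:]                      # implicit default rule "*"
    for rule in rules:
        exception = rule.startswith("!")
        parts = rule.lstrip("!").split(".")
        if len(parts) > len(labels):
            continue
        tail = labels[-len(parts):]
        if all(p in ("*", l) for p, l in zip(parts, tail)):
            if exception:
                return ".".join(tail[1:])
            if len(tail) > len(best):
                best = tail
    return ".".join(best)

def registrable_domain(host, rules=RULES):
    """Public suffix plus one more label, or None if host is itself a suffix.
    Per-domain quotas and cookie scoping are keyed on this value."""
    labels = host.lower().rstrip(".").split(".")
    n = len(public_suffix(host, rules).split("."))
    return ".".join(labels[-(n + 1):]) if len(labels) > n else None

def can_set_domain_cookie(request_host, domain_attr, rules=RULES):
    """Simplified model: the Domain attribute must domain-match the request
    host and must not itself be a public suffix."""
    host = request_host.lower().rstrip(".")
    dom = domain_attr.lower().lstrip(".")
    matches = host == dom or host.endswith("." + dom)
    return matches and registrable_domain(dom, rules) is not None

if __name__ == "__main__":
    unlisted = [r for r in RULES if r != "some.example"]
    for name, rules in (("listed", RULES), ("unlisted", unlisted)):
        ok = can_set_domain_cookie("companyA.some.example", "some.example", rules)
        print(name, registrable_domain("companyA.some.example", rules), ok)
```
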