It is a theoretical question - and its also not how DNS works.
You make the choice to delegate a subdomain of your domain to someone else. That’s fine. Its your choice as the domain owner.
The subdomain can’t issue a cert for the root (that shouldn’t be allowed) - so its still not an issue.
In the eyes of the domain registrar (and just about everyone else), the root domain owner is the owner of all subdomains. You can’t honestly say user X would own the domain / rights for, say, userx.github.com, right?