Paranoid - vulnerable html? safest approach? #203

Open
ParanoidPanda opened this issue Aug 11, 2019 · 0 comments

Hello,

I'm paranoid about generating private keys. Specifically, about the step involving downloading bitaddress.org "source code" from GitHub to a flash drive and then from the flash drive onto an air-gapped machine. How can I know that the html file isn't corrupted with code that generates private keys already in possession of a malicious actor?

I know nothing about GitHub security, and very little about GitHub in general.

I can check my [random entropy input] on different online-wallet-generator html codes (e.g., the html from brainwallet, safepaperwallet, bitcoinpaperwallet, etc.), to see the private/public key output they generate. If these are the exact same as the ones generated by bitaddress.org, presumably there's a darn good chance none of them is corrupted... (unless they all are). Is this good enough? Why or why not?

And a few related questions:
(1) Does the Linux command line "echo -n my_die_rolls | sha256sum" generate the same private key (using dice roll entropy input) that the code at bitaddress.org (or brainwallet or safepaperwallet or bitcoinpaperwallet) generates? If so, why use any of these html options? Wouldn't it just be safer to use Linux, since it's such a broadly-used/secure software? (And how in this case do you generate the public key to go with that private key?)
(2) Are there similar command lines in Mac OS X? (I was thinking of running an old version of OS X on a virgin hard drive on an old laptop of mine, as my air-gapped machine. Any foreseeable problems with this? If so, how do I get a trustable version of Linux onto a DVD to install it without internet?)
(3) Is there a different command line that can use a 10-sided die or card shuffling as the source of entropy? (How do you change from a base-6 system to base-10 or base-n?)

Many thanks,
ParanoidPanda
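
Added example, not part of the original post and not bitaddress.org code: the two derivations that questions (1) and (3) refer to, side by side in Python. It shows hashing the roll text as `echo -n ... | sha256sum` does, reading the rolls as one base-n number, and range-checking the result against the secp256k1 group order. The function names and the face-to-digit mapping are assumptions of this example, and it makes no claim about what any of the named generators do internally.

```python
import hashlib

# Order of the secp256k1 group: a usable private key k satisfies 1 <= k < N.
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def key_from_hash(text: str) -> int:
    """Integer value of what `echo -n TEXT | sha256sum` prints."""
    return int.from_bytes(hashlib.sha256(text.encode("ascii")).digest(), "big")


def key_from_rolls(rolls, sides: int) -> int:
    """Read the rolls as one base-`sides` number, most significant roll first.

    Assumption of this example: faces are numbered 1..sides and map to
    digits 0..sides-1 (a d10 marked 0-9 would need its own mapping).
    """
    if sides < 2:
        raise ValueError("a die needs at least two sides")
    value = 0
    for face in rolls:
        if not 1 <= face <= sides:
            raise ValueError(f"face {face!r} is not on a d{sides}")
        value = value * sides + (face - 1)
    return value


def rolls_needed(sides: int, bits: int = 256) -> int:
    """Smallest number of rolls whose outcome space covers 2**bits values."""
    if sides < 2:
        raise ValueError("a die needs at least two sides")
    count, space = 0, 1
    while space < (1 << bits):
        space *= sides
        count += 1
    return count


def is_valid_key(k: int) -> bool:
    """Range check; an out-of-range value is discarded and re-rolled."""
    return 1 <= k < SECP256K1_N


if __name__ == "__main__":
    # Constructed sample, NOT random: never use these rolls for a real key.
    sample = ([3, 1, 6, 2, 5, 4] * 17)[:rolls_needed(6)]
    k = key_from_rolls(sample, 6)
    print(f"d6 rolls: {rolls_needed(6)}, d10 rolls: {rolls_needed(10)}")
    print(f"base-6 value: {k:x} valid={is_valid_key(k)}")
    print(f"hash value:   {key_from_hash(''.join(map(str, sample))):064x}")
```

The two derivations give different numbers for the same rolls, so outputs are only comparable between tools that use the same derivation. The hash always yields 256 bits of output but carries no more entropy than the rolls fed into it.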

@ParanoidPanda ParanoidPanda changed the title Paranoid - vulnerable html? Paranoid - vulnerable html? safest approach? Aug 11, 2019