Am I correct to assume the tarball file I downloaded has not failed the hash matching test based on the line I read below?
gpg: Good signature from "Wladimir J. van der Laan
The line saying that the hash matches was this one:
john@mylaptop:~/Downloads$ sha256sum --ignore-missing --check SHA256SUMS.asc
bitcoin-0.18.1-x86_64-linux-gnu.tar.gz: OK
In short, do I have an authentic legitimate tarball file? If yes, what line from the Terminal output is that decision based on?
Yes.
The line from above says that:
gpg: Good signature from "Wladimir J. van der Laan
Additionally, does my tarball file not failing this hash matching mean using the PPA installation method is now risk free?
No.
What you have done is:
Downloaded tarball -> verified it.
This means you are now free to safely install it.
If you however use the PPA method, you are adding a private repository to your list of repositories.
Then, if you'd do
apt-get install .., you would be downloading the files again from this repository.
In your case, just untar the files and install them. You verified them.
Please note that the PPA method isn't unsafe per se.
But since you already downloaded and verified the tarball, stick with that would be my suggestion.