It is important to emphasize that Tornado cash is not a company but a smart contract that no particular person controls; it is essentially as censorship-resistant and decentralized as the underlying blockchain upon which it is built. In other words, it cannot be "banned" easily.
I don't think it is legal for Tornado Cash to be on the OFAC SDN list. I don't think it meets the criteria.
The fact that Tornado Cash is not an actual entity (nor a person) makes it difficult to get it off the SDN list. I am not an expert in the relevant law, but most likely, someone who sends/receives coin to/from the Tornado Cash smart contract and subsequently encounters problems would need to pursue litigation.
Tornado Cash has essentially been "banned" via intimidation. That means the US government is threatening severe consequences for using this particular smart contract. From a technical perspective, nothing is preventing an arbitrary person from sending an arbitrary amount of coin to the smart contract address, however, I think few (if any) people will because of these threats.
So, the question that bothers me is could the same happen to Bitcoin? What will happen to Bitcoin if the US Government suddenly decides to take down its Github repos?
See my above comments. The Biden administration is not exactly known for its competence, or its ability to follow the law. From a technical perspective, many people have copies of the code for bitcoin core, and people would need to obtain the code from what they believe to be a reliable source if they need the code for whatever reason. However, I would again refer you to my comments about the intimidation by the US government.