The way releases are made on Github is that a branch is chosen to appear in the Release tab, and Github compresses the branch into an archive and puts it in the Releases tab labeled as source code, so the sources you download form Releases really is the one that matches the Github repo[1].
As for the binary files, it's already been stated that there's no way to verify them. In fact, Github lets you upload any file from your computer and it will label it as a binary. It's supposed to be an executable or installer or a compressed folder of a portable program that is compiled from the source tree but it can be abused to upload malware.
Bitcoin's Github page says you should download the exe's from bitcoincore.org so use that instead of downloading them for Github.
[1]
https://help.github.com/en/github/administering-a-repository/managing-releases-in-a-repository