And as another comment mentions, GitHub Pages now offers HTTPS certificates [1] for custom domains, so GitHub Pages alone is sufficient for most static websites.
I started there but didn’t like having my drafts and unfinished ideas visible in the repo. I now maintain my site in a private repo and publish to S3. Not sure if that’s possible now in Github or not.
Actually I'm not sure if it makes sense. If you had gh pages from a private repo, they would be public (in the sense that they are published on the open web) - so that won't solve the OP's problem.
IMO the simplest solution for the OP is to have a private repository where he does any draft work, and then pushes the master branch (or whatever) to the public repo in order to "publish".
This option is available with or without a paid account, and I don't see any significantly better option available to paid accounts. The only thing you could do there is publish your pages from a private repo, and maintain your drafts in branches in the same repo. That is virtually identical to the original suggestion except that "master branch in public repo" is replaced by "master branch in private (same) repo" which probably makes little practical difference in the workflow.
Well, the html files of your website are of course public information once you publish them, and you can copy the html files to a public repo as part of the build process. When I tried Hugo a couple years ago, I had it set up to do just that (output to a different repo). There was no difference on my end. No matter how you build your site, you can always add the copying at the end of your Makefile or whatever method you use.
And as another comment mentions, GitHub Pages now offers HTTPS certificates [1] for custom domains, so GitHub Pages alone is sufficient for most static websites.
[1]: https://github.blog/2018-05-01-github-pages-custom-domains-h...