Please don't do this. It gives the user the illusion that their connection is secure, but the connection between Cloudflare and the site is not secure. Arguably it's better to encrypt some of the route rather than none of it, but also giving people a false sense of security comes with its own drawbacks.

Actually "flexible" might not be needed, "full" without strict should work. Traffic is still over TLS, but a valid named certificate is not required.

I think the user mostly cares about his connection to anything outside his network (e.g. for public WiFis).

You should set it to "Full" instead. That will use TLS but won't verify the domain name in the certificate like it does in "Strict" mode so you can still use Github pages.