I've never heard about Local-in policies being less intensive to the Fortigate in processing, so cannot confirm nor deny it. Regarding usage pattern, yes, I still think it would add complexity and unneeded processing to those rules. BAsically, you want to allow specific IPs to access specific management ports, then deny any any. In newer versions, 7.2.x, indeed you have GeoIP option as source address, but the only use case I can think of is to restrict access to SSL VPN portal by Geo. But again, for that you can use Geo objects directly in the VPN SSL Settings, this will do the same job and will be more visible in configuration.
Reagrding the 2nd, yes, DDoS is processed before the security rules, but to use it as ACL you have to "full" the Fortigate by using very small -> 0 tresholds for DDoS protections, while using ACLs, which are also processed before security rules, you can block as expected and have it offloaded to the hardware as well.
There is no black or white here of course - every case should be assessed individually.