“When I told him that this was an email that was no longer available to me, and that it hadn’t been my email of record with GoDaddy for more than 20 years, he said he could change the address, but that would require me to activate two-factor authentication, and that there would then be a 24-hour delay before he could make the required changes.”

Sounds more like a security issue honestly. Not sure you would want them to simply take your new email as trustworthy

"This seemed to be helpful, but then he told me that he was having the system send to me by email a password that I would have to relay back to him. This wouldn’t be a problem except he was sending it to an email address I haven’t used since the 1990s."

What in the world? If this is true GoDaddy is a joke. This is exactly what a scammer/phishing attempt would look like.

I was a shared hosting provider for about a decade but ended providing that service.

Do people still rent shared hosting or is everyone on public cloud now or on those free byo website services like wix etc

As much as i hate it, the vast majority of websites are sitting on shared hosts. I've worked with plenty of tech companies where developers built apps on a public cloud, but the landing page was managed by a marketing team and therefore WordPress on godaddy or bluehost.

I still use shared hosting, as it comes with many benefits apart from the hosting itself: email accounts (from a reputable server that doesn't get sent to spam), backups, (free) cPanel, etc.