There’s a very easy solution that lets you rest easy that your instance is how you want it to be: don’t do open registration. Vet the people you invite, and job done. If you want to be even safer, don’t post publicly - followers only. If you require follower approval, you can do some basic checks to see that whoever sends a follow request is someone you’re okay interacting with. This works on the microblogging side of the Fediverse quite well, today.
What I’m trying to say is that with registrations requiring admin approval gets you 99% of the way there, without needing anything more complex than that.
…and here I am, running a blog that if it gets 15k hits a second, it won’t even bat an eye, and I could run it on a potato. Probably because I don’t serve hundreds of megabytes of garbage to visitors. (The preview image is also controllable iirc, so just, like, set it to something reasonably sized.)