Yes, that option is the real “just do this”.

- escape `<` as `\u003c`

  <script id="my-json" type="application/json">{{ escaped_json }}</script>

  JSON.parse(document.getElementById('my-json').textContent)

No __proto__ issue, and no dynamic code at all, so you can use a strict CSP.